| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Sep 2017 10:36:58 -0700 From: Apple Product Security <product-security-noreply@...ts.apple.com> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2017-09-19-2 Safari 11 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-09-19-2 Safari 11 Safari 11 is now available and addresses the following: Safari Available for: OS X El Capitan 10.11.6 and macOS Sierra 10.12.6 Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7085: xisigr of Tencent's Xuanwu Lab (tencent.com) WebKit Available for: OS X El Capitan 10.11.6 and macOS Sierra 10.12.6 Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of the parent-tab. This issue was addressed with improved state management. CVE-2017-7089: Frans Rosén of Detectify, Anton Lopanitsyn of ONSEC WebKit Available for: OS X El Capitan 10.11.6 and macOS Sierra 10.12.6 Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7106: Oliver Paukstadt of Thinking Objects GmbH (to.com) Installation note: Safari 11 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJZwVI4AAoJEIOj74w0bLRGzKAQAJ+ItWZHrg7rIO4Eqd4WfcGa Bkp6AKufqBISL2ixE/yRn44a0p328U9jLSdDI4RrW2vJeGpGI2yFXuSWiUHoYunU UCmX0FqtvxflFVY7vrLGNi6uJHmvvfRIu+XxOFzXgCaPqEcCT7Wa2pqLUoFNFDSB VxUISljZcKUQ3K/nMZnh/W3MbfldzeMHRHoLUwqyxubjg9oM3XYqoM4X/+t++oz6 Od1sS1Qco3ucczYSPM67SiE6lekFeH+R9zfAJCMQau6bvAeo6jpB83mUDM4+b3Yq mjHkKqdmn5Okfb4H8REG6VygJOHfybp6Yp384eOHRnS86ulK2RPNXdbMsgiqqNSn 6QMub3dtXJzWpFZdXFQLPegjP/K/Ek4UujStq8tUcex+ip7FXRbApwWUYYBJcopj jAbxpw6Dnn7bvXtM8ccC0equAX9lg/1y7r9DB8k3gonD0ok0dfmP2vcvH5jZA6V7 6PnLnaVj1qZMhiXTokthncrE5FZu34Q2jBfGOpprdjrbu3jTOLnw0pBcoq/zn4LK EmrrZwmtd3waknsB5+dA85C/Gva4ai3r5M0jNzFk0GoLBThSPtJ4IfWlktPjNb8H ficw6DNut1CaUVrdLbibkQ44XkMkM1PPYGdGDh7Ecx3y1hHE8FDiV2ClHp59jXpc 6lmheHRK8V4vpj1mtNht =H/8H -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists