Date: Tue, 29 Oct 2019 16:04:49 -0700
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2019-10-29-7 Additional information for
 APPLE-SA-2019-9-26-4 Safari 13

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2019-10-29-7 Additional information
for APPLE-SA-2019-9-26-4 Safari 13

Safari 13 addresses the following:

WebKit
Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2019-8625: Sergei Glazunov of Google Project Zero
CVE-2019-8719: Sergei Glazunov of Google Project Zero
Entry added October 29, 2019

WebKit
Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8707: an anonymous researcher working with Trend Micro's
Zero Day Initiative, cc working with Trend Micro Zero Day Initiative
CVE-2019-8726: Jihui Lu of Tencent KeenLab
CVE-2019-8728: Junho Jang of LINE Security Team and Hanul Choi of
ABLY Corporation
CVE-2019-8733: Sergei Glazunov of Google Project Zero
CVE-2019-8734: found by OSS-Fuzz
CVE-2019-8735: G. Geshev working with Trend Micro Zero Day Initiative
Entry added October 29, 2019

WebKit Page Loading
Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2019-8674: Sergei Glazunov of Google Project Zero

Additional recognition

WebKit
We would like to acknowledge MinJeong Kim of Information Security
Lab, Chungnam National University, JaeCheol Ryou of the Information
Security Lab, Chungnam National University in South Korea, Yiğit Can
YILMAZ (@yilmazcanyigit), Zhihua Yao of DBAPPSecurity Zion Lab, an
anonymous researcher, and cc working with Trend Micro's Zero Day
Initiative for their assistance.

Installation note:

Safari 13 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
