Message-id: <CA554A0F-F794-44DD-BA21-D377B87B7EAA@lists.apple.com>
Date: Tue, 26 May 2020 17:24:17 -0700
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: Apple Product Security via Security-announce
<security-announce@...ts.apple.com>
Subject: [FD] APPLE-SA-2020-05-26-7 Safari 13.1.1
APPLE-SA-2020-05-26-7 Safari 13.1.1

Safari 13.1.1 is now available and addresses the following:

Safari
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: A malicious process may cause Safari to launch an application
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9801: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9802: Samuel Groß of Google Project Zero

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9805: an anonymous researcher

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro
Zero Day Initiative

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9806: Wen Xu of SSLab at Georgia Tech
CVE-2020-9807: Wen Xu of SSLab at Georgia Tech

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9843: Ryan Pickren (ryanpickren.com)

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2020-9803: Wen Xu of SSLab at Georgia Tech

WebRTC
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An access issue was addressed with improved memory
management.
CVE-2019-20503: Natalie Silvanovich of Google Project Zero

Additional recognition

WebKit
We would like to acknowledge Aidan Dunlap of UT Austin for their
assistance.

Installation note:

Safari 13.1.1 may be obtained from the Mac App Store.
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/