[<prev] [next>] [day] [month] [year] [list]
Message-id: <BF921F2C-9278-40C0-A5A2-DEA1E78E4B06@lists.apple.com>
Date: Wed, 16 Sep 2020 14:55:04 -0700
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2020-09-16-3 Safari 14.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-09-16-3 Safari 14.0
Safari 14.0 is now available and addresses the following:
WebKit
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-9948: Brendan Draper (@6r3nd4n) working with Trend Micro
Zero Day Initiative
WebKit
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos
WebKit
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)
WebKit
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9983: zhunki
Installation note:
Safari 14.0 may be obtained from the Mac App Store.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl9igrIACgkQZcsbuWJ6
jjCpCg/9HrN7CFbJ5xDXcHJdB/nQi4DeMR7Ub39sDRg7fjhUN9hVpAfYe8wqfS/6
CCnegVb/vz2OEo0gFQdp9xvKeVKzzepxjf2KCUNmEaKilY+ERWp5E6Y210GEHwYz
ihwTtLPk76hTupqquxq21IvofUgT0fpUmiLkL5vRucYe5qh963bKM4EJ6wwcJ2SM
b3IkGsiG4L4aOIaQWZ0lpfiDF2RvHwmi4zRdMLGw18mjmufdjmj0UrxoUYjZreu7
AAXYYwo6xozYZ/dSV3a/7QBZZ76kn3g0n3fMrymyKF2p+M3Arj78zX+N0ZsdSR0Y
rIALxZrJR9JEeng+D3V+e+KrFTRAPTPXS5tdnHwrO0IK3LQx3gcmInH3vDLpTDtw
uCr8EFpl54ukYmrvOHIEo+touCl37sneB7J6oC9SWDRB3HyrgCq31r8mDrNOnKbg
RPkdqhW5NYZ14DsBRszutTZcuXZ+V4jVbWIzmI2FADrnc61oQPNhM0gOM/wKdIMs
0BsOufl6NIqIyR613mrkso0fKh7kO5k3Mxrlkbns8/r1ZayjJy8EpWoYkagZzwlH
hFY+JSZDwF35KMa4rxHW67HAuJrQWcNn3NjtGkWg50GqWMPCueiefzOp7jDha1VY
ZxiH8LYs6ptMIkwG6FBUjLO22wu2oXuuiiAjyUCgoWUgQTj8UoQ=
=Z6cg
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists