lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 16 Sep 2020 14:55:04 -0700
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2020-09-16-3 Safari 14.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2020-09-16-3 Safari 14.0

Safari 14.0 is now available and addresses the following:

WebKit
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-9948: Brendan Draper (@6r3nd4n) working with Trend Micro
Zero Day Initiative

WebKit
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos

WebKit
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)

WebKit
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9983: zhunki

Installation note:

Safari 14.0 may be obtained from the Mac App Store.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl9igrIACgkQZcsbuWJ6
jjCpCg/9HrN7CFbJ5xDXcHJdB/nQi4DeMR7Ub39sDRg7fjhUN9hVpAfYe8wqfS/6
CCnegVb/vz2OEo0gFQdp9xvKeVKzzepxjf2KCUNmEaKilY+ERWp5E6Y210GEHwYz
ihwTtLPk76hTupqquxq21IvofUgT0fpUmiLkL5vRucYe5qh963bKM4EJ6wwcJ2SM
b3IkGsiG4L4aOIaQWZ0lpfiDF2RvHwmi4zRdMLGw18mjmufdjmj0UrxoUYjZreu7
AAXYYwo6xozYZ/dSV3a/7QBZZ76kn3g0n3fMrymyKF2p+M3Arj78zX+N0ZsdSR0Y
rIALxZrJR9JEeng+D3V+e+KrFTRAPTPXS5tdnHwrO0IK3LQx3gcmInH3vDLpTDtw
uCr8EFpl54ukYmrvOHIEo+touCl37sneB7J6oC9SWDRB3HyrgCq31r8mDrNOnKbg
RPkdqhW5NYZ14DsBRszutTZcuXZ+V4jVbWIzmI2FADrnc61oQPNhM0gOM/wKdIMs
0BsOufl6NIqIyR613mrkso0fKh7kO5k3Mxrlkbns8/r1ZayjJy8EpWoYkagZzwlH
hFY+JSZDwF35KMa4rxHW67HAuJrQWcNn3NjtGkWg50GqWMPCueiefzOp7jDha1VY
ZxiH8LYs6ptMIkwG6FBUjLO22wu2oXuuiiAjyUCgoWUgQTj8UoQ=
=Z6cg
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists