| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Nov 2020 11:37:34 -0800 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0 Safari 14.0 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT211845. Safari Available for: macOS Catalina and macOS Mojave, and included in macOS Big Sur Impact: Visiting a malicious website may lead to address bar spoofing Description: The issue was addressed with improved UI handling. CVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba, Piotr Duszynski Entry added November 12, 2020 Safari Available for: macOS Catalina and macOS Mojave, and included in macOS Big Sur Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2020-9987: Rafay Baloch (cybercitadel.com) of Cyber Citadel Entry added November 12, 2020 WebKit Available for: macOS Catalina and macOS Mojave Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2020-9948: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative WebKit Available for: macOS Catalina and macOS Mojave, and included in macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9947: cc working with Trend Micro Zero Day Initiative CVE-2020-9950: cc working with Trend Micro Zero Day Initiative CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos Entry updated November 12, 2020 WebKit Available for: macOS Catalina and macOS Mojave Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2020-9952: Ryan Pickren (ryanpickren.com) WebKit Available for: macOS Catalina and macOS Mojave Impact: Processing maliciously crafted web content may lead to code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9983: zhunki Additional recognition Safari We would like to acknowledge @PaulosYibelo of Limehats, Ryan Pickren (ryanpickren.com) for their assistance. Entry added November 12, 2020 Safari Reader We would like to acknowledge Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance. Entry added November 12, 2020 WebKit We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance. Entry added November 12, 2020 Installation note: Safari 14.0 may be obtained from the Mac App Store. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uxmkACgkQZcsbuWJ6 jjC10xAApnFTMOYmt4Y5o7KF5E6OBizR9toCIxwAxr8nRX5/UfPC3aIKv7DFYTP/ JrAlUMM8soZAuytc1dQPXpMgsM71OctsSM92Z06oEVeiN9w1lZ/Bonh8F2R0Sm2Y upMFk6aHHWt++JfhbYQULNZx9zrT885dmyynLTk5kHB8TRnIqUmtzcpeYWkGkT78 TdMn9w9atcbSbi0Yqybmy+CE3qvm96C8TIQTMj2Qlp04AU0ZAtogZfTwJvPV8LIx sqHaGRO2hcTchxcWn50edjANOOBK+16QdcqoTKKVZY95RjIFvksD/lAZqMlNIlNR X5pXr2NfkPRQwMcyAW4YKEJ165TohV/6eiYKJr70BbigWWwfNWhjJiT4drAnd9ii uO6NI85hLLeF6me28L2RPxO7XuVnu5MXzLzgKR0dprsyoF0yxEcJ6rX56bduggli lZ+eziUH5ReUw0E3RtIC5u0NSOPjsYuErH0qH0nCTUU6dRNI7u1ZKq44eyGjrdvg vfNoci5yMnqsp+8D/yjZc2zQZCSEXgMpuNNac1Unv1JFPrypG/N5a2qmqDWi+P/x Pcbv1TzDS0XwXuwXMgTflj6MY38gbAIpZlZNEyjvxx9r7MUBYEeEW1KMoTtghiaa kL7XmKJEGZib++TAP4+jZ/6tWjhijdmkx5S+85vi7TV8NbHpn4o= =EiFD -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists