| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Dec 2021 12:58:37 -0800 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2021-12-15-7 Safari 15.2 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-12-15-7 Safari 15.2 Safari 15.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212982. WebKit Available for: macOS Big Sur and macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30934: Dani Biro WebKit Available for: macOS Big Sur and macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-30936: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab CVE-2021-30951: Pangu WebKit Available for: macOS Big Sur and macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2021-30952: WeBin WebKit Available for: macOS Big Sur and macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A race condition was addressed with improved state handling. CVE-2021-30984: Kunlun Lab WebKit Available for: macOS Big Sur and macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30953: VRIJ WebKit Available for: macOS Big Sur and macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2021-30954: Kunlun Lab Additional recognition WebKit We would like to acknowledge Jzhu, Peter Snyder of Brave, and Soroush Karami for their assistance. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnUACgkQeC9qKD1p rhjoERAA4p1QO7OCgTEUtZQxQx4PptzOw/A/5ufYVD5qZXUKmfK/ICXy0L+32Bb8 qGCQq/20APdRbYN+E6tgmivJ4EOt8WXkeyNp0CFjqvpgsMzji/A8TaHIMbQXxPP5 BNRxl4GQjxLIptbta2G10La27FfMqcQOU2VV4gonPVQlGb4r9JAkwer5S5zqASgU 7ZQ+IUJSpyFoBXMNSM1zDd9k8wfjLJoFJQeO9TAJt97fyLmOYr/n2vPG9+H28TxK y6y+GuZzvV7qMo+BMAhQVzA1i/P0ZgqOLSp2IVBR3+92saLkH0EmuRI8OBD6SXT2 BnI7oyp7BrYxGyRWC5oFfOX+ZL/T80m5wWlGsxXABQ9U2agvqDiSyvVa1URnyMvp mgux+JZEQmNcu1Va7+LhoI1HWyogDNS3OVhLmhgejfno8++pR1Y2p+RDhdaKxnzi VnBrO+yr4YlTT1gGbPqHbVywVgUkfolVVYcZ1enLP4qB9Xt66XJkiOTtIUGgVQ5u vK0oWxHgzAEDc+o4oKgubm7HaFGUNA1Kv1XCq2m56A+e5nLO5b0jAr5BkXtV8EfO TNC/ecd0B2dNmQf5S1k23PCkUX3som0WN62ocKkNidFVJ33GFP6xEHc2iaEk3DIc aOB6r1awfCFLfk9cYes3Uzw5zCVCs5VaGe1fdQD4J4oZCihvm20= =AWpZ -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists