| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Jan 2022 16:00:34 -0800 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2022-01-26-7 Safari 15.3 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-01-26-7 Safari 15.3 Safari 15.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213058. WebKit Available for: macOS Big Sur and macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-22590: Toan Pham from Team Orca of Sea Security (security.sea.com) WebKit Available for: macOS Big Sur and macOS Catalina Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: A logic issue was addressed with improved state management. CVE-2022-22592: Prakash (@1lastBr3ath) WebKit Available for: macOS Big Sur and macOS Catalina Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com) WebKit Storage Available for: macOS Big Sur and macOS Catalina Impact: A website may be able to track sensitive user information Description: A cross-origin issue in the IndexDB API was addressed with improved input validation. CVE-2022-22594: Martin Bajanik of FingerprintJS Additional recognition WebKit We would like to acknowledge Prakash (@1lastBr3ath) for their assistance. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmHx1H0ACgkQeC9qKD1p rhhmuhAAsSvRUotU2wT/fO7W6DDZQURtKt1oUIKzbaNA77a/bdX9xvTl7mSlf9Dk bKq6bzSEMWf7h/fKOpgKYzba2bbQi5dF650KL04HR+cgREYO8r0zKMXBexcgNSUD AqBbV3OOWusLsn78SNkMqU8UcD7JN5tFzyinWyaOrS1E7yL+JsSAN0psLNVd7Tbg T2V4T4ue8AvLQt0inF+X9eFXd3y/xD798shciRQdw7AxF4frAccnqbcO6m8fxdxL jT7BYdsSRHE1zh1UgHRzJJHoyr1yCdc+sKHnWOljMJ6az+b0ZtleJr7S7xs/hhI3 MfQAHHjI3hjCCSa08Jd7f4qJPSa6cbv/tQdU540PTV+EjgmeNta4Y3zayesd38Aa XoI9ChEJyg37O9qegNXLOoKtnejjV/RRQG6S23C47As5XxslMniuhqVMLc9DeKdM uIpot6Hj37J5/hD134zKvjc+XIGuGbmBjr0pxoKE23qaU94jrnuQkqrJAJl3hzfa bT5jMhMqUzGzjmuNsGHcrw3/zuUoUbO74UfbYNxjI4GfYNnzRXcHR0A2jfWjIOj3 K6gxxVPfPU5452thGvGX7Z1N9dfC6SsZ/ERsRVYH7u8DK7C5cPmo7fPvprUKWQF6 NkVsIfogVG/qWfIy/fMZYGcwWJWROdVASs6vaRbFVwMyvqm3bEw= =GCwU -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists