| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 12 Sep 2022 11:26:09 -0700 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2022-09-12-5 Safari 16 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-09-12-5 Safari 16 Safari 16 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213442. Safari Extensions Available for: macOS Big Sur and macOS Monterey Impact: A website may be able to track users through Safari web extensions Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 242278 CVE-2022-32868: Michael WebKit Available for: macOS Big Sur and macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer, afang5472, xmzyshypnc WebKit Available for: macOS Big Sur and macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative WebKit Available for: macOS Big Sur and macOS Monterey Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243236 CVE-2022-32891: @real_as3617, an anonymous researcher Safari 16 may be obtained from the Mac App Store. All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmMfdgMACgkQ4RjMIDke Nxk7dRAAgdvFNEmEdfhDdLWbn7ZIdNrxPZDsg1MiCVFyPvPesNRo3Uj+XI2m93E4 U7koTDn7+DE62TjkdNEqOQ0bXpy84uWAcZoZDmGJOt0IQOPwcMf8CMzhj/GytrTt PCC2IjWDuoJsoQ9lIm71WN3nsfrpO/P4cO04H3Tw4CxFI9Oj0doALGvamf0XVYCN TyCdw15kQ+WTriI5rnzsE4qqh4vaEKeuyEiZQzR26p3ctpT+inffGz6g9uYgy5AW v1Kwln7DDSIvYyAcrIyPKqwjsdfD6dmnufKTSUkOHLOpvqx5P/PLQ9f4qv3VXy6c Bs4eLUUvONzxoo07TB3V3/OsC1eQwDnPugrja5SFTgZUpl9QM7PMijoOar7Y11JL fMgJArHEDWB4JatejBrgsBps+SU2ozSAaT71hfm77Jb1TSSRDuxX2po2AjiwKOcF S+T2yJSIgI5nsP9i1RRG3+hN6MOUKKmFxlWxXPLdCO4pG04qdmMOE5HR2bRgQ3/o gdRb/OYTQkchSlhbpvdF8zO0QZLXh+GeiLxWoygfbQQmv33KeKRlrbKVctyB4HQZ ZxTi0Tn5pfdnuB2QvGn6b0KZZJlDHkiiNj3grvD5uFSH6H0MV7apLiJ636qEL/Tp o8PWQgop+KfYatZDVAQMYekpRYwz7oDdFm/i6SYvnP09wx55Ooc= =+qsX -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists