| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Oct 2022 11:39:47 -0700 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2022-10-24-7 Safari 16.1 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-10-24-7 Safari 16.1 Safari 16.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213495. WebKit Available for: macOS Big Sur and macOS Monterey Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun) WebKit Available for: macOS Big Sur and macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs WebKit Available for: macOS Big Sur and macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University WebKit PDF Available for: macOS Big Sur and macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative Additional recognition WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance. Safari 16.1 may be obtained from the Mac App Store. All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNW0V0ACgkQ4RjMIDke Nxl67BAAzLuZ5utG7MxoCm9BC6TtSkp240OAnLFuzalOp5PkWASHaNAuz8XQBtxU Rm/u1OtQhb2FF+wQ2LzlzlmQzY/K5CLX06yyB98941lHD8CcU/wTO5Wd6EhHlJqH 9WkopbwhGvOE3zUTTCPcgovFfP3V7rGAdpXcl14A72tqr+OxRkNfPq6QXnosPBxM oFRMDVtzalLSfB604A+59Ilod8bX3DipAH4tU43CqF1JdoBTcutXNBBg8W9hALsF 8K8Q0Q+WuSfNGC2H8/91404J0X2Y5kWg1f9jEaTjKDmUQAp/+jn0dDk3itHs9udv kQXLyipHmeYz7Qd8+Y9aXpFAzAXYgoy3pAEv3OQIt1mBpR/ubQSWfMNYqqcSD1A/ 5b+ycMWDet1x49qsQOQRXlVcWXqyZ6TS+TpYDUToYvT4lTu728PHci/RKyuH1x0B WD/pjwuwS8jaSHlhJpuriV3d0TA3aDaqnFqirSxRnBMEXCrJQ7WXrYU1x0uKQg27 Z+S5iuiQrBT9ZILKbNdFZwSp0XGzUN/+1jWAGX8p7pbQ6vihNR5G7E/HkpIJ9/x/ cQQyAMhsao26FU9wpcpC5ez7AN4WA1y4izccQ1leiLfEqT+M0pAp8RrhnDNZ/GQs EkLtLHlg41XskxAJ/o7zjhHf6J6wnitqR4FkowXPxmQ2ZxB2cLs= =CDey -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists