lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <F6B8129F-82CB-4C77-AF16-F80CB61E66D5@lists.apple.com>
Date: Mon, 23 Jan 2023 18:41:11 -0800
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2023-01-23-8 Safari 16.3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2023-01-23-8 Safari 16.3

Safari 16.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213600.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 245464
CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, Jiming
Wang, JiKai Ren and Hang Shu of Institute of Computing Technology,
Chinese Academy of Sciences

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 248268
CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE
WebKit Bugzilla: 248268
CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

Additional recognition

WebKit
We would like to acknowledge Eliya Stein of Confiant for their
assistance.

Safari 16.3 may be obtained from the Mac App Store.
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPImAACgkQ4RjMIDke
NxmOtA/8C2w5NPXlcGH2m1GpCgxiEDQ/SreXYbyKbflivbXDwE1L+XAzTMhRIHF5
KjcqvjaoBh4oHN7IfQNq12/YE3+RMDF03J0sTefTT7SeLjN0wKM92jcqFWSGsLNI
UrsO3+jP89/2Di4IY3E07mu7iiZzgi8zGUPoMOxqJK8zpfYFXVe5LVyOfI3ETe2R
njH7et/tvW4KgVGyS4+tVHvC6Dts7efEKC10vgc4xdlWH69OHqUYT2eP7bX909MK
t8qnl5YW/W155rKWeZrngRP5gbwAWv6+Q5Jh6X/TZYi1S/5HEgBSUdn/8Cto9A2v
5FLZJLtYdoO137FqFMxH8ePWGGaL2JOVkeVYRZgkBnqZWMw4CUFgA6zW8i20e/aY
k1IaJsQzgrXzYEDjoXIq1MXgO5egY6pQNIyKtutRSpskWhoOFRXjKHLna0W1R+l6
YvfIpprHPlOae7koSwJJqQbq/XvD3XECtrf0xGqFiD5ntCNysFcy5hAEoswVpzkz
8368C6OU/bwOuryTlrImLDEsgJBozJk6CGhNgFMg81xzCMt7SzOqTR7u50P3VOki
9wt38tejRZyWTJiy3Tke/WlxrN0xl6vnBPsfDX7EW8+xC17mFAJlpnxy3f5Z1mdQ
q6mG51oZtFSgQR1cKUek/fnKpBNiauEk7A+Amm0nfzlpBT+4rKw=
=YCs8
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ