[<prev] [next>] [day] [month] [year] [list]
Message-id: <29C1095D-9988-4B22-9733-BA14380A728F@apple.com>
Date: Mon, 24 Jul 2023 17:22:39 -0700
From: Deven Kishore via Fulldisclosure <fulldisclosure@...lists.org>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2023-07-24-1 Safari 16.6
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2023-07-24-1 Safari 16.6
Safari 16.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213847.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: A website may be able to bypass Same Origin Policy
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 256549
CVE-2023-38572: Narendra Bhati (twitter.com/imnarendrabhati) of Suma
Soft Pvt. Ltd, Pune - India
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 256865
CVE-2023-38594: Yuhao Hu
WebKit Bugzilla: 256573
CVE-2023-38595: an anonymous researcher, Jiming Wang, and Jikai Ren
WebKit Bugzilla: 257387
CVE-2023-38600: Anonymous working with Trend Micro Zero Day Initiative
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 258058
CVE-2023-38611: Francisco Alonso (@revskills)
WebKit Process Model
Available for: macOS Big Sur and macOS Monterey
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 258100
CVE-2023-38597: 이준성(Junsung Lee) of Cross Republic
WebKit Web Inspector
Available for: macOS Big Sur and macOS Monterey
Impact: Processing web content may disclose sensitive information
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 256932
CVE-2023-38133: YeongHyeon Choi (@hyeon101010)
Additional recognition
WebRTC
We would like to acknowledge an anonymous researcher for their
assistance.
Safari 16.6 may be obtained from the Mac App Store.
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmS/FLUACgkQ4RjMIDke
NxmswA/+Ogpb238ypqmIxTWos/b/TTV2uTnDHQHuKGVBMiVy0Rh+3Cnu2GTTSLiC
bYh2hWCXP3jarhE3/dosv7AhtYvDHYgh0fCbVCRn43rTGVMpJGSAZ3NzyfD76fPQ
4XlaGZuf9326GGXq9lY00Ga98zA0Hf40JJzVpYXgoLopmVml8lgRyJSN1EVjXPJR
fKJSe0y/aKHmH1qAIyVG4Q0qMVTamRCUmZwSp++UZ/gwg2E3qBTT30voPmvw1onW
uRMdUXyh+K74/O7nan6P5z/WHuUAdRX6Hpjr7IvNcasm/KPEBOfj4lx1YwWJ592E
F0o+d2k7awPElXMfsGTewW1HynJuis57AN808XOYjBCd+pKKlQq6NdKun87d3zxr
RjmDdh4Yoqs3aaDckRYk8arq4g0/mKn9wSiVXwvoYC5YBePR8CQxzdP98gAqhjQM
y9w1xPyb0Y5qCNPhPw4dk7OSrLI3y8Z+BWdMc/TIO+GOHYMdM4BtUoZ/M5T3Nqgb
++EAggF5ajSJXmHNEVS5zLDcuP+HSYqQphqc8y6WMmWHM8tLA53OWiTDMSHP5n0x
OFdgAYgegvc2dDbhDjVMAaVJuWqMKtsnIO//1+9ffBk4QSkQUZwGk3ybO+r27V4a
1NzO/xMvepp/ZHj+R7j+bE4KVw6bPX43agaE+00WMMx+TqVXa4c=
=RW2J
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists