lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-id: <946CDF11-04D9-4886-8E34-5F8A0B472DF8@lists.apple.com>
Date: Thu, 30 Nov 2023 15:05:13 -0800
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: Apple Product Security via Security-announce
 <security-announce@...ts.apple.com>
Subject: [FD] APPLE-SA-11-30-2023-1 Safari 17.1.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-11-30-2023-1 Safari 17.1.2

Safari 17.1.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214033.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Monterey and macOS Ventura
Impact: Processing web content may disclose sensitive information. Apple
is aware of a report that this issue may have been exploited against
versions of iOS before iOS 16.7.1.
Description: An out-of-bounds read was addressed with improved input
validation.
WebKit Bugzilla: 265041
CVE-2023-42916: Clément Lecigne of Google's Threat Analysis Group

WebKit
Available for: macOS Monterey and macOS Ventura
Impact: Processing web content may lead to arbitrary code execution.
Apple is aware of a report that this issue may have been exploited
against versions of iOS before iOS 16.7.1.
Description: A memory corruption vulnerability was addressed with
improved locking.
WebKit Bugzilla: 265067
CVE-2023-42917: Clément Lecigne of Google's Threat Analysis Group

Safari 17.1.2 may be obtained from the Mac App Store.
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmVpEg8ACgkQX+5d1TXa
IvpIIw/+L5k+aLwUf7blhtLZpServytns7fQ3smgGh7ktf75P+0AwRyKAJtE45NG
3MjXlDQS5q2zkhdAAE9qTFkLHazbtzH1vSKEkYbLVDOkwZc6S7aGWP59VVPGw0Z5
bpgbt59M7MW7VqjCyXMMEkjeo9eEIzM4KZubK3U21keEjPJ9lzXApr/D42CYn3cm
qV+ctIuAivq/DP0XBIPEuer5TUmY0Vhkfo6gi2Ykg1508lBHcWY/RNPlnMjDAhfJ
uxz47S8DLk8UvpqiRT7T+/UUqiOk9TBVy8mvPVV9d2vA+wngdp8p5lScIB2mHTyi
OnimNp4cKQjOYcFF0nSYrdvUcmlmx0djyF2oC4hZWAosIgms4rmh5jRgKyoAfkMz
wPoRLBx9djmdVg4Hj7udatllWYUcIsEudLpMcGL4xjzha3eknHAF4mbUEp7yFKxM
QwlFomJZbdNbiw0ALgmN0+tjOjqnQHJSAyYRo9OYhzoN3jzZ1A6EPDMu+yCcWj9g
lzIf59WaQp9+YsDp6X/eCWkuyncOBYwkDN758zD125lTTubQ7mYmcywYyYSG+z4M
eByRRytVciTw/W79eAkZndBdeIYl0OFIJi9HIIw8+A+T4OsEE4eU53GSxd0H7iG5
KFHUTy9wNruWQkPxjB+Fi6vHQ8HJPqHb6LZMRwJTKi3d2jsqpo8=
=6bli
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Powered by blists - more mailing lists