lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-id: <C83E25B2-9F94-4A6C-8638-114F9C047C50@lists.apple.com>
Date: Mon, 13 May 2024 20:58:27 -0400
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-05-13-2024-1 Safari 17.5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-05-13-2024-1 Safari 17.5

Safari 17.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214103.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Monterey and macOS Ventura
Impact: An attacker with arbitrary read and write capability may be able
to bypass Pointer Authentication
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 272750
CVE-2024-27834: Manfred Paul (@_manfp) working with Trend Micro's Zero
Day Initiative

Additional recognition

Safari Downloads
We would like to acknowledge Arsenii Kostromin (0x3c3e) for their
assistance.

Safari 17.5 may be obtained from the Mac App Store.
All information is also posted on the Apple Security Releases
web site: https://support.apple.com/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZCrkgACgkQX+5d1TXa
Ivparg//cfUi2Ylya0hfHUzbXtVdoWnbLApJOXFxAQM/DgKBGg+dtJnVyMNN+I1D
lN8SOuVIxVK+WedX4OKIdKgFlj48ucLdBAIExRqBq6VdSmlL6JK6WVSa3Vrw2ihC
U7DH0EtREotFgHPiJQMvmxORIUYONAoWHmgqaYNIcKfO6LByp4nN+VcQLjWmlQmn
jwXigd6pho/+udTEZesFmBNMnTMoRXiR5v+2kBmFj4BOFkZG1oMXqdPtF8MJDVaW
McjQBqGHs/ijyyAAd96swKZSvnCFEUQcgV888aJFjHFjyhNz1VC+AsaPT8bHnWh7
UvkWKgyyMdWMXpC0P9Et2Su4OddCQ/8Z7PI2M3rLL8V75Zq//l7q7wqpkEPFv/BM
LRcEHP5bWSRFWV57mFLsb44WAxEzl1R1ezroW8oh78gHd5s1upms4fhu6aohO6/E
jyd9OLwshu8jmEkeJXbcnZh1qiKauaLGoYP/kxFNoEKmexoWMxOrP+d599BgaMvw
tgGwvuENUE7pnRUWLBqc3T8rtDktUjdSEFBn74bzycc+GNzqbbrQTPm7SlG7t7fJ
jKQU7gbzViA/P32vLkwwrLMk0w0HsCuyJ8YdRd5tBcegIxZ6z2hLsiUtiHCSF5Wu
lZZ+QLteehEkHYqafuV4vbCqYeySJveKwi6+TFVI73u/XzsYGcc=
=Ypt5
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ