| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-id: <92264AA9-E7DB-40E8-A177-119CEA5DEF8B@lists.apple.com> Date: Tue, 29 Oct 2024 16:29:03 -0700 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-10-29-2024-1 Safari 18.1 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-10-29-2024-1 Safari 18.1 Safari 18.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/121571. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Safari Downloads Available for: macOS Ventura and macOS Sonoma Impact: An attacker may be able to misuse a trust relationship to download malicious content Description: This issue was addressed through improved state management. CVE-2024-44259: Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India) Safari Private Browsing Available for: macOS Ventura and macOS Sonoma Impact: Private browsing may leak some browsing history Description: An information leakage was addressed with additional validation. CVE-2024-44229: Lucas Di Tomase WebKit Available for: macOS Ventura and macOS Sonoma Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: The issue was addressed with improved checks. WebKit Bugzilla: 278765 CVE-2024-44296: Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India) WebKit Available for: macOS Ventura and macOS Sonoma Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: A memory corruption issue was addressed with improved input validation. WebKit Bugzilla: 279780 CVE-2024-44244: an anonymous researcher, Q1IQ (@q1iqF) and P1umer (@p1umer) Additional recognition Safari Private Browsing We would like to acknowledge an anonymous researcher, r00tdaddy for their assistance. Safari Tabs We would like to acknowledge Jaydev Ahire for their assistance. Safari 18.1 may be obtained from the Mac App Store. All information is also posted on the Apple Security Releases web site: https://support.apple.com/100100. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmchbpEACgkQX+5d1TXa Ivr5gBAAk50bIQ2NvoHDWo1ss9TLbGh9aa2RAHRPS0HqbBmnolc5tcrB1wKorkaf FF6lACO/OOti2KjAX44zfLl+9zHMsEFzDkmrY8VosFkYAaLUOly/xYaCUcQcuhLC VZy4Moviip3ImFDvR/EjO8vI/7GAjt3XafvRf1k5+w5xzmCuM8mhzLSfs1s4/lxd EThQBB7oA18grjnxJqAh9tBwquUkfmGuY9twsNH5qccv+wgw9gYvCIr0jbtCn2vz K5FHY/RDmMOfoLZ3am0JqrWd/7uO3bWHYQzS5H501x2tsLJw6Hwy9u+P2NxvRzXd pu6WJ22Adei85x5o34W+K42iannlzpgMnMeT81khVzVTY1HKPBikZ1wS13kZ9UyY j9dnW0NReyKhDYzFPiTehgC2mErmFWzLtRzxzs/Af7iVadAXw+6evBtP5FIzEqFX FfbhS+0icaU3FGklxcD+5++T+OKvo5hDAVjp7lGbBv5C2WvlpuNfmdIXkqYbzpdv mIujHNTWNYArlIkXr7vUVOHdB//BtfbIGZdjddYpZbx7q6KxX+z8q+NQ/8ESEUXZ KIF0cOAI1P2nVdALfpMaqKVFJa+BfwhWklscDDgPOpVQy0I5cIFJj7MVves534js sR+tn4B5jKfe6tmLy1xkgqpTYcdPe/TzW0tc6IRidvYVk3zhpMA= =9Fs5 -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists