| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-id: <89F92623-BB47-4517-965C-5DC028B6340C@lists.apple.com> Date: Tue, 19 Nov 2024 17:39:30 -0700 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-11-19-2024-1 Safari 18.1.1 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-11-19-2024-1 Safari 18.1.1 Safari 18.1.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/121756. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. JavaScriptCore Available for: macOS Ventura and macOS Sonoma Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. Description: The issue was addressed with improved checks. WebKit Bugzilla: 283063 CVE-2024-44308: Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group WebKit Available for: macOS Ventura and macOS Sonoma Impact: Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 283095 CVE-2024-44309: Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group Safari 18.1.1 may be obtained from the Mac App Store. All information is also posted on the Apple Security Releases web site: https://support.apple.com/100100. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmc9InUACgkQX+5d1TXa IvrVmxAA2y78urBGRBz1vPOWoutN8AxkYT50ng9/fZ/fAI6Xs+WQURYvuwEfRXax xzqcASTqM/rgdKw8L5zDdRxQ0lE5h8Y67f/o2hznvxDFAwvTOtxVh2Z9/A3Ac72F D9VkhnphYBioB7R+J9cionjO+WKoeKgb8X6zK0qJKhUfqaTE7qtg2Ncf1sZW3kt/ luzOrZxCQhPs4XE1ozcBa58Wgv2LeEI3jwIasCTd1qsiCsyNmy50ak91KazOoqIT ve7H6KCifAbcn4//l6JVoJkVG2ve+syUIMdHuxMCCoVsmswkPolLvHXoEAVoLtsB +kRwN7+lPBIBkzTWu6CIrDJTHPGSnuNq6xIyCrn75Q0DDF6gtFDSEumjtPwj4MA0 LCwmQHXgH0tcw0DVrRXTpv/ynx9QUe1sjao4BOSE6HLgtgwtic8DUOPpqba2DlRT dAqnUoxvypOa9o9d4QTcLVi5ozZRcaD5tp5ejh4D1AM9hX9Gq/7Nc4h0IhwhpCLg TNPy3stJF9hUTV/SiJGEDUWZg9b56gIirziOSHHeIQxfxoIAykgEBdbQ6S5HTnyx 6GhwIXBuzOLSEw69FKKIbaxhdZ42ouk4EgfrfbGj600KnInErNMfdGE+jaR6195v iBJTdhJwNjnoakDE061Rvk/zkxWLvo3Fgw7UiMaWiWRHyYwwd0M= =MpUb -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists