APPLE-SA-2013-10-22-2 Safari 6.1

Safari 6.1 is now available and addresses the following:

Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of XML files. This issue was addressed through additional bounds checking.
CVE-ID
CVE-2013-1036 : Kai Lu of Fortinet's FortiGuard Labs

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.3
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-1037 : Google Chrome Security Team
CVE-2013-1038 : Google Chrome Security Team
CVE-2013-1039 : own-hero Research working with iDefense VCP
CVE-2013-1040 : Google Chrome Security Team
CVE-2013-1041 : Google Chrome Security Team
CVE-2013-1042 : Google Chrome Security Team
CVE-2013-1043 : Google Chrome Security Team
CVE-2013-1044 : Apple
CVE-2013-1045 : Google Chrome Security Team
CVE-2013-1046 : Google Chrome Security Team
CVE-2013-1047 : miaubiz
CVE-2013-2842 : Cyril Cattiaux
CVE-2013-5125 : Google Chrome Security Team
CVE-2013-5126 : Apple
CVE-2013-5127 : Google Chrome Security Team
CVE-2013-5128 : Apple

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5
Impact: Visiting a maliciously crafted website may lead to an information disclosure
Description: An information disclosure issue existed in XSSAuditor. This issue was addressed through improved handling of URLs.
CVE-ID
CVE-2013-2848 : Egor Homakov

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5
Impact: Dragging or pasting a selection may lead to a cross-site scripting attack
Description: Dragging or pasting a selection from one site to another may allow scripts contained in the selection to be executed in the context of the new site. This issue is addressed through additional validation of content before a paste or a drag and drop operation.
CVE-ID
CVE-2013-5129 : Mario Heiderich

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5
Impact: Using the Web Inspector disabled Private Browsing
Description: Using the Web Inspector disabled Private Browsing without warning. This issue was addressed by improved state management.
CVE-ID
CVE-2013-5130 : Laszlo Varady of Eotvos Lorand University

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5
Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of URLs. This issue was addressed through improved origin tracking.
CVE-ID
CVE-2013-5131 : Erling A Ellingsen

Note: OS X Mavericks includes these fixes with Safari 7.0.

For OS X Lion systems Safari 6.1 is available via the Apple Software Update application.

For OS X Mountain Lion systems Safari 6.1 may be obtained from Mac App Store.

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/