APPLE-SA-2013-10-22-2 Safari 6.1
- Subject: APPLE-SA-2013-10-22-2 Safari 6.1
- From: Apple Product Security <email@hidden>
- Date: Tue, 22 Oct 2013 13:46:21 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2013-10-22-2 Safari 6.1

Safari 6.1 is now available and addresses the following:

Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
XML files. This issue was addressed through additional bounds
checking.
CVE-ID
CVE-2013-1036 : Kai Lu of Fortinet's FortiGuard Labs

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.3
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-1037 : Google Chrome Security Team
CVE-2013-1038 : Google Chrome Security Team
CVE-2013-1039 : own-hero Research working with iDefense VCP
CVE-2013-1040 : Google Chrome Security Team
CVE-2013-1041 : Google Chrome Security Team
CVE-2013-1042 : Google Chrome Security Team
CVE-2013-1043 : Google Chrome Security Team
CVE-2013-1044 : Apple
CVE-2013-1045 : Google Chrome Security Team
CVE-2013-1046 : Google Chrome Security Team
CVE-2013-1047 : miaubiz
CVE-2013-2842 : Cyril Cattiaux
CVE-2013-5125 : Google Chrome Security Team
CVE-2013-5126 : Apple
CVE-2013-5127 : Google Chrome Security Team
CVE-2013-5128 : Apple

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5
Impact: Visiting a maliciously crafted website may lead to an
information disclosure
Description: An information disclosure issue existed in XSSAuditor.
This issue was addressed through improved handling of URLs.
CVE-ID
CVE-2013-2848 : Egor Homakov

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5
Impact: Dragging or pasting a selection may lead to a cross-site
scripting attack
Description: Dragging or pasting a selection from one site to
another may allow scripts contained in the selection to be executed
in the context of the new site. This issue is addressed through
additional validation of content before a paste or a drag and drop
operation.
CVE-ID
CVE-2013-5129 : Mario Heiderich

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5
Impact: Using the Web Inspector disabled Private Browsing
Description: Using the Web Inspector disabled Private Browsing
without warning. This issue was addressed by improved state
management.
CVE-ID
CVE-2013-5130 : Laszlo Varady of Eotvos Lorand University

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5
Impact: Visiting a maliciously crafted website may lead to a
cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of
URLs. This issue was addressed through improved origin tracking.
CVE-ID
CVE-2013-5131 : Erling A Ellingsen

Note: OS X Mavericks includes these fixes with Safari 7.0.

For OS X Lion systems Safari 6.1 is available via the Apple Software
Update application.

For OS X Mountain Lion systems Safari 6.1 may be obtained from
Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----