APPLE-SA-2019-10-29-7 Additional information for APPLE-SA-2019-9-26-4 Safari 13
APPLE-SA-2019-10-29-7 Additional information for APPLE-SA-2019-9-26-4 Safari 13
- Subject: APPLE-SA-2019-10-29-7 Additional information for APPLE-SA-2019-9-26-4 Safari 13
- From: Apple Product Security via Security-announce <email@hidden>
- Date: Tue, 29 Oct 2019 16:04:49 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-10-29-7 Additional information
for APPLE-SA-2019-9-26-4 Safari 13
Safari 13 addresses the following:
WebKit
Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2019-8625: Sergei Glazunov of Google Project Zero
CVE-2019-8719: Sergei Glazunov of Google Project Zero
Entry added October 29, 2019
WebKit
Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8707: an anonymous researcher working with Trend Micro's
Zero Day Initiative, cc working with Trend Micro Zero Day Initiative
CVE-2019-8726: Jihui Lu of Tencent KeenLab
CVE-2019-8728: Junho Jang of LINE Security Team and Hanul Choi of
ABLY Corporation
CVE-2019-8733: Sergei Glazunov of Google Project Zero
CVE-2019-8734: found by OSS-Fuzz
CVE-2019-8735: G. Geshev working with Trend Micro Zero Day Initiative
Entry added October 29, 2019
WebKit Page Loading
Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2019-8674: Sergei Glazunov of Google Project Zero
Additional recognition
WebKit
We would like to acknowledge MinJeong Kim of Information Security
Lab, Chungnam National University, JaeCheol Ryou of the Information
Security Lab, Chungnam National University in South Korea, Yiğit Can
YILMAZ (@yilmazcanyigit), Zhihua Yao of DBAPPSecurity Zion Lab, an
anonymous researcher, and cc working with Trend Micro's Zero Day
Initiative for their assistance.
Installation note:
Safari 13 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24p5YpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQBz4uGe3y0M00kRAA
tOJHN3d53CphHqulCJAI5yuhbbNWq14bv4eEMckxYha3i84y8SZyz2f7K/sN6UKz
/04FqhUJFE5ngD4dXN2WsA6w4Ncd/BA3/KLUpE6YIU7RmLLF5VsU40OxNi66BEoW
OX/BX3eNEHoAr8x7Lg+XNHPB3brZySG+gthwn0UJsq6hiruqvJhiA4tvO4p+FeIy
a1lWWlINPB8fR92Rhp/57aRGpwnaSLJXqjOkuW7rT9sW/RjFtxs2eHXyutmK4wJ0
SoXh4iJr7w+4DyhX5igduy5W/2cKks0+DF6Dp0Zd9cyo8DcD9t8eiTj9sWusfKj8
jwVSw4tiFQCQxns7Ud+EwdGgOMqWzzlcD4WPV80LySJm5ba0mTCS0hJ3aLJV/mvC
DN5zJcreFetR3zH21XNIZUDwLrByaIzUafnnAh+z1HHyyMSz6xxoZDiTe0ZIhoCN
7zlIBtj4m1CYKpTHG2xTkHZCJHb3XRCx27rtPvtn0p9S/1hpHdlYkQEZr1yPUAhj
qfOdnm3B2Yj0D9AoaYY5Lq4RhxkAU/D6D9tpkj09vBOBN7cFqgscSeCWF2evTOSP
BUM/zn7crJJQ2rsFnJqiu5VrQ076Xp42/pYCvvL0dyaqiMq38H3OgEso9tm3ol19
bhdIF9Lt+f6ADw1tM+4wMkExo/JxyARQGc/Hoc43a8s=
=PATl
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden