APPLE-SA-2020-05-26-7 Safari 13.1.1
APPLE-SA-2020-05-26-7 Safari 13.1.1
- Subject: APPLE-SA-2020-05-26-7 Safari 13.1.1
- From: Apple Product Security via Security-announce <email@hidden>
- Date: Tue, 26 May 2020 17:24:17 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-05-26-7 Safari 13.1.1
Safari 13.1.1 is now available and addresses the following:
Safari
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: A malicious process may cause Safari to launch an application
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9801: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9802: Samuel Groß of Google Project Zero
WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9805: an anonymous researcher
WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro
Zero Day Initiative
WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9806: Wen Xu of SSLab at Georgia Tech
CVE-2020-9807: Wen Xu of SSLab at Georgia Tech
WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9843: Ryan Pickren (ryanpickren.com)
WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2020-9803: Wen Xu of SSLab at Georgia Tech
WebRTC
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An access issue was addressed with improved memory
management.
CVE-2019-20503: Natalie Silvanovich of Google Project Zero
Additional recognition
WebKit
We would like to acknowledge Aidan Dunlap of UT Austin for their
assistance.
Installation note:
Safari 13.1.1 may be obtained from the Mac App Store.
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJezV7rAAoJEAc+Lhnt8tDNAB4P/ii6fKM9mmFamwvDreABeVd7
u32JJjalk28WkDgudvnqa9cY/mzHtUwYODyrCaL3kjPisKiD7rRabVOWk8/rD6wi
m6c8uk+g7of77qJ5m5y5g+TJdtYLxGItzJO5m9v+CqGrfX3hyCuIjnhsHrGWeqYF
oYH4Xlkrw4Piy+Tw6jN5nBnR1I+d0C/h95SxOUIHae9HEjPmggF5QOfxMqzGNXWx
MVO0jWoQL2Z4OzxMvmbNSQ5rkKeJNheedBdMuOMnh03o9wuyjgZV3aPEOMxVgE3g
ZcCNIc1xjnGDiwhLab4/jqj7Py/EdpT04RADxymEgKpktLCIbSRi7skUkOvF7+zN
IR8aVq5j4DXyJkadho4vjBhnkj0wCckyhsTw7kQ5ZGLqruFuB09ZwNHKhl9OcnXc
TuamaVUn/ADC28NU2Fkf+/RaeYSvHSbvrDeDR0PDyCx5rLJwide/2UxNEZL4H8KD
2oIEr/I7BVeHcP8D0YYs3INtqJ3Yz0+P06bTvWh46bRw8uPkizcRS5IbpC+Sd5dh
jd4efVe4ltTAQeDc91iSUnKy1vYpl/iOagHtO0CntnA/Fl44WEMR5NJDCQmQvA0i
L8UWLAuJTZ1EngIlWv7ueqyhSp5qayX0PVQjAEpLxhgxmQXMmb9A83YMJYt7ORdk
b2R6ImCxrVcNhr0o2lWK
=MjL1
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden