APPLE-SA-2021-05-25-5 Safari 14.1.1
APPLE-SA-2021-05-25-5 Safari 14.1.1
- Subject: APPLE-SA-2021-05-25-5 Safari 14.1.1
- From: Apple Product Security via Security-announce <email@hidden>
- Date: Tue, 25 May 2021 15:21:50 -0700
- Original-recipient: rfc822;email@hidden
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-05-25-5 Safari 14.1.1
Safari 14.1.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212534.
WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,
ASU. working with Trend Micro Zero Day Initiative
CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A cross-origin issue with iframe elements was addressed
with improved tracking of security origins.
CVE-2021-30744: Dan Hite of jsontop
WebKit
Available for: macOS Catalina and macOS Mojave
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30720: David Schütz (@xdavidhu)
WebKit
Available for: macOS Catalina and macOS Mojave
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30682: an anonymous researcher and 1lastBr3ath
WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-21779: Marcin Towalski of Cisco Talos
WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30689: an anonymous researcher
WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An integer overflow was addressed with improved input
validation.
CVE-2021-30663: an anonymous researcher
WebRTC
Available for: macOS Catalina and macOS Mojave
Impact: A remote attacker may be able to cause a denial of service
Description: A null pointer dereference was addressed with improved
input validation.
CVE-2021-23841: Tavis Ormandy of Google
CVE-2021-30698: Tavis Ormandy of Google
Additional recognition
WebKit
We would like to acknowledge Chris Salls (@salls) of Makai Security
for their assistance.
Installation note:
This update may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9IACgkQZcsbuWJ6
jjBEaw//cfvBiTZmkDNa2kDjJLMb4J6AmLZMGDGZrE/nJ9kvck9ac4gFZLv0Poz+
PchsZvRelHeadMONH7TbpZlWued9xVn4yQVzO+FPFXmRQgMDPiYwfgP5dnRrfbH0
i3yOiaZuUdo1PKd103CgjpTEc4pJKZpJz5y5PmHIFQxuQt5qynDkSPfrIiszhZ+5
AAh2biUWETDHvPLojVNumhtQOSq/hRXjkOI0+7Foprjg99p2a3TgQeXdgKsuJBpD
Y3Q9WmRrPpwaDR8Hs2qO7Vlo1Nhldo060e5UvBsHXORzOu//boAefYXIK9W1ZKeZ
fOKkrAnwZXcoU3UM/gcvyEXg2e3jt5I0zOV1tDmyQpRfbhR1QsmbWzWLspoOmsVL
CtPh2aS0VYJJ4L6DP+VfdOnwVaTkirHh7LMifZ4UjsEMVz81ODagIj8t5MrDFpyt
vI732lWm5whdaBaxmTe/bCxxAAJhPlKawCySQQODfUEh8ll9ByxpNH2NPOpy57QS
+HxBK4UuWTPGsF7pkLzeCPoJfCZ0OaaS74WcHFanP/TeR3x5E4rTwuHDqD4ItkfD
fVpmVvnyOT+9MKd3Fwopcg8JOM2i96I0G1ptbk4EeYZnQEw2ChU6NDz66AeZwub0
JM43xG0hT7OnUQRm3d9B0su/OzfWQHCCHsZ8WkPxcihUDalDDJg=
=CpII
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden