Apple Security Advisory 2014-05-21-1 - Safari 6.1.4 and Safari 7.0.4 are now available and address code execution vulnerabilities.
cb432efb5b115028ce6fb6e5f7885637ec7ab0cf5c49906f721e09b631043157-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4
Safari 6.1.4 and Safari 7.0.4 are now available and address the
following:
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-2875 : miaubiz
CVE-2013-2927 : cloudfuzzer
CVE-2014-1323 : banty
CVE-2014-1324 : Google Chrome Security Team
CVE-2014-1326 : Apple
CVE-2014-1327 : Google Chrome Security Team, Apple
CVE-2014-1329 : Google Chrome Security Team
CVE-2014-1330 : Google Chrome Security Team
CVE-2014-1331 : cloudfuzzer
CVE-2014-1333 : Google Chrome Security Team
CVE-2014-1334 : Apple
CVE-2014-1335 : Google Chrome Security Team
CVE-2014-1336 : Apple
CVE-2014-1337 : Apple
CVE-2014-1338 : Google Chrome Security Team
CVE-2014-1339 : Atte Kettunen of OUSPG
CVE-2014-1341 : Google Chrome Security Team
CVE-2014-1342 : Apple
CVE-2014-1343 : Google Chrome Security Team
CVE-2014-1344 : Ian Beer of Google Project Zero
CVE-2014-1731 : an anonymous member of the Blink development
community
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: A malicious site can send messages to a connected frame or
window in a way that might circumvent the receiver's origin check
Description: An encoding issue existed in the handling of unicode
characters in URLs. A maliciously crafted URL could have led to
sending an incorrect postMessage origin. This issue was addressed
through improved encoding/decoding.
CVE-ID
CVE-2014-1346 : Erling Ellingsen of Facebook
For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4
and Safari 6.1.4 may be obtained from Mac App Store.
For OS X Lion systems Safari 6.1.4 is available via the Apple
Software Update application.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJTe6ELAAoJEBcWfLTuOo7tonoP/igNIR7SZEkRvtHHjHIqR2U5
a28aYgzjkALSYDppREpWPMIovnYKZAONabRMJ0r/3LFyl4juBSOsVyBCbUBg8Fpp
GFCsc7x0jva8g1DtPtk/B299GXPBi8fOhEwUIilgTo0+y7ExrgA9wUjCdlWHwPQs
Edbra42Q+52KU+NxWjyeJiPkBIy57p5P0XVnnS3tIxRLHxRed9O8GoNUHcwLhihd
dV5NOBEUvW5Gy2yEhJLZIa64aPOPG3Rz7EA/0zCRiiusLyIGVdyTaOnL4AlHrgh8
BiiAgx3xFUqYiBqCnxAO3gy3CRWhmKukesDKIPmaV27E0cFQ+FkI990oCh8ZSCZg
hi4q5j34mp44Uhr0O068hQyPaA70GAiUVgT/pB7fVS9Z9U0EOPhIvn1IybROP/44
ces9VWOzx9pjzR7OxRmk05mRijnlIQHNzSJp3/DpREDX1DvJxD2vfk8cYFPdweNR
VPFs3acbgOMCpjPLGM3S5HdY/a2UWxolvwR13AnCQ0mFkiD6FsO3z2sgtHdnMkNi
XNW7RMf/7+JesXcNiXYde5iDqE15OPTSWuiYNUHCz9WvSlJmOOSDAZ7F3YBWr+FR
tMEB/TGWZiQmacNiGkY1F4YgF5SqeAHGYeJ2amSycO90+vTU+FLWPCiTWesmu1tG
n/lA21kfHgTURqYVT+xA
=kSr/
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed