what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2012-09-19-3

Apple Security Advisory 2012-09-19-3
Posted Sep 22, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-09-19-3 - Safari 6.0.1 is now available and addresses multiple vulnerabilities in itself and WebKit.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2011-3105, CVE-2012-2817, CVE-2012-2818, CVE-2012-2829, CVE-2012-2831, CVE-2012-2842, CVE-2012-2843, CVE-2012-3598, CVE-2012-3601, CVE-2012-3602, CVE-2012-3606, CVE-2012-3607, CVE-2012-3612, CVE-2012-3613, CVE-2012-3614, CVE-2012-3616, CVE-2012-3617, CVE-2012-3621, CVE-2012-3622, CVE-2012-3623, CVE-2012-3624, CVE-2012-3632, CVE-2012-3643, CVE-2012-3647, CVE-2012-3648, CVE-2012-3649, CVE-2012-3651, CVE-2012-3652
SHA-256 | 69aa4378ab7394dca2af1f960c808b3f35ea802b8eba8cef84c559eb0b5212db

Apple Security Advisory 2012-09-19-3

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2012-09-19-3 Safari 6.0.1

Safari 6.0.1 is now available and addresses the following:

Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Opening a maliciously crafted downloaded HTML document may
lead to the disclosure of local file content
Description: In OS X Mountain Lion HTML files were removed from the
unsafe type list. Quarantined HTML documents are opened in a safe
mode that prevents accessing other local or remote resources. A logic
error in Safari's handling of the Quarantine attribute caused the
safe mode not to be triggered on Quarantined files. This issue was
addressed by properly detecting the existence of the Quarantine
attribute.
CVE-ID
CVE-2012-3713 : Aaron Sigel of vtty.com, Masahiro Yamada

Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Using Autofill on a maliciously crafted website may lead to
the disclosure of contact information
Description: A rare condition existed in the handling of Form
Autofill. Using Form Autofill on a maliciously crafted website may
have led to disclosure of information from the Address Book "Me" card
that was not included in the Autofill popover. This issue was
addressed by limiting Autofill to the fields contained in the
popover.
CVE-ID
CVE-2012-3714 : Jonathan Hogervorst of Buzzera

Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: After editing a HTTPS URL in the address bar, a request may
be unexpectedly sent over HTTP
Description: A logic issue existed in the handling of HTTPS URLs in
the address bar. If a portion of the address was edited by pasting
text, the request may be unexpectedly sent over HTTP. This issue was
addressed by improved handling of HTTPS URLs.
CVE-ID
CVE-2012-3715 : Aaron Rhoads of East Watch Services LLC, Pepi
Zawodsky

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2011-3105 : miaubiz
CVE-2012-2817 : miaubiz
CVE-2012-2818 : miaubiz
CVE-2012-2829 : miaubiz
CVE-2012-2831 : miaubiz
CVE-2012-2842 : miaubiz
CVE-2012-2843 : miaubiz
CVE-2012-3598 : Apple Product Security
CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3602 : miaubiz
CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3612 : Skylined of the Google Chrome Security Team
CVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3614 : Yong Li of Research In Motion, Inc.
CVE-2012-3616 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3617 : Apple Product Security
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3622 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3623 : Skylined of the Google Chrome Security Team
CVE-2012-3624 : Skylined of the Google Chrome Security Team
CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3643 : Skylined of the Google Chrome Security Team
CVE-2012-3647 : Skylined of the Google Chrome Security Team
CVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3649 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2012-3651 : Abhishek Arya and Martin Barbella of the Google
Chrome Security Team
CVE-2012-3652 : Martin Barbella of Google Chrome Security Team
CVE-2012-3654 : Skylined of the Google Chrome Security Team
CVE-2012-3657 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3658 : Apple
CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya
(Inferno) of the Google Chrome Security Team
CVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome
Security Team
CVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3675 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3676 : Julien Chaffraix of the Chromium development
community
CVE-2012-3677 : Apple
CVE-2012-3684 : kuzzcc
CVE-2012-3685 : Apple Product Security
CVE-2012-3687 : kuzzcc
CVE-2012-3688 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3692 : Skylined of the Google Chrome Security Team, Apple
Product Security
CVE-2012-3699 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3700 : Apple Product Security
CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3702 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3703 : Apple Product Security
CVE-2012-3704 : Skylined of the Google Chrome Security Team
CVE-2012-3705 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3706 : Apple Product Security
CVE-2012-3707 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3708 : Apple
CVE-2012-3709 : Apple Product Security
CVE-2012-3710 : James Robinson of Google
CVE-2012-3711 : Skylined of the Google Chrome Security Team
CVE-2012-3712 : Abhishek Arya (Inferno) of the Google Chrome Security
Team


For OS X Lion systems Safari 6.0.1 is available via the Apple
Software Update application.

For OS X Mountain Lion systems, Safari 6.0.1 is included with
OS X v10.8.2.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJQWho/AAoJEPefwLHPlZEwG9kP/A2FKYpkYoEnaHSaCeI8W/Gt
F+EjtnJ85SnVz76a81dt7O+F65pYMjMYEEHthgw62JAbZHrw93gf1dWpp+0IfXJZ
w/dOV6yNxYmDOh0zir1I2tCIplkD2MvUrubcW+UCwDbVxnGKsTNBWzovHpvos2Uk
lRn6Bl1wM5vOthJO14Z6iS0XX4GkefA3XzoVqY6dU0c9mxrTQhtMWvL+Pb1UpqX3
CZLcMmFGRuCE/+aM+d1x749PEteNDbrnw/aYfMyMSUNgb43EaUxCzTiUU+NvzsFL
Ah33i29Li38nl+rLVgTRRU9EQVm1ZcujoftpgFw9prTd999f47eCSU5/QeDjY+Zw
GLJRDfe/PP/GFKzAchefqS5x2PFUI9hZRGJEFviOEygfEPfYVCe/r/iMvBTtwfkn
GVw1WIXcraqxXGzUNhCCZy3rcA8sSbJlCaIIr3VbtPS7PMHwjSaT+DBgD0hWtnk2
uATTye1UKG8m+FfwXn7ha3/W0kmdEGn1dBgpG2d35yXkGj7zgUgi4MX9HTVGTqEd
Nvlzpffv5LCCdDqhRgqe4uT7fKmb46owoNNHM4eAH4A4EwHzA3lXQt5twhO9b2gL
gWZ+bfwxfUaVlyBDPM1cUZ4e13HRiFPiRI9PJ2S5DrLoiMzpXIbBRH+5fs9uVvV+
zhJ+1dokzSpzRKJOq68N
=xYhU
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close