Apple Security Advisory 2015-09-30-02 - Safari 9 is now available and addresses spoofing, communication compromise, and various other vulnerabilities.
f7eaab35b779b1ee16d519af96740060a307af52548f068b4694e3adf3b64512
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-09-30-2 Safari 9
Safari 9 is now available and addresses the following:
Safari
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10.5 and OS X El Capitan v10.11
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Multiple user interface inconsistencies may have
allowed a malicious website to display an arbitrary URL. These issues
were addressed through improved URL display logic.
CVE-ID
CVE-2015-5764 : Antonio Sanso (@asanso) of Adobe
CVE-2015-5765 : Ron Masas
CVE-2015-5767 : Krystian Kloskowski via Secunia, Masato Kinugawa
Safari Downloads
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10.5 and OS X El Capitan v10.11
Impact: LaunchServices' quarantine history may reveal browsing
history
Description: Access to LaunchServices' quarantine history may have
revealed browsing history based on file downloads. This issue was
addressed through improved deletion of quarantine history.
Safari Extensions
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10.5 and OS X El Capitan v10.11
Impact: Local communication between Safari extensions and companion
apps may be compromised
Description: The local communication between Safari extensions such
as password managers and their native companion apps could be
comprised by another native app. This issue was addressed through a
new, authenticated communications channel between Safari extensions
and companion apps.
Safari Extensions
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10.5 and OS X El Capitan v10.11
Impact: Safari extensions may be replaced on disk
Description: A validated, user-installed Safari extension could be
replaced on disk without prompting the user. This issue was addressed
by improved validation of extensions.
CVE-ID
CVE-2015-5780 : Ben Toms of macmule.com
Safari Safe Browsing
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10.5 and OS X El Capitan v10.11
Impact: Navigating to the IP address of a known malicious website
may not trigger a security warning
Description: Safari's Safe Browsing feature did not warn users when
visiting known malicious websites by their IP addresses. The issue
was addressed through improved malicious site detection.
Rahul M (@rahulmfg) of TagsDock
WebKit
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10.5 and OS X El Capitan v10.11
Impact: Partially loaded images may exfiltrate data across origins
Description: A race condition existed in validation of image
origins. This issue was addressed by improved validation of resource
origins.
CVE-ID
CVE-2015-5788 : Apple
WebKit
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10.5 and OS X El Capitan v10.11
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5789 : Apple
CVE-2015-5790 : Apple
CVE-2015-5791 : Apple
CVE-2015-5792 : Apple
CVE-2015-5793 : Apple
CVE-2015-5794 : Apple
CVE-2015-5795 : Apple
CVE-2015-5796 : Apple
CVE-2015-5797 : Apple
CVE-2015-5798 : Apple
CVE-2015-5799 : Apple
CVE-2015-5800 : Apple
CVE-2015-5801 : Apple
CVE-2015-5802 : Apple
CVE-2015-5803 : Apple
CVE-2015-5804 : Apple
CVE-2015-5805
CVE-2015-5806 : Apple
CVE-2015-5807 : Apple
CVE-2015-5808 : Joe Vennix
CVE-2015-5809 : Apple
CVE-2015-5810 : Apple
CVE-2015-5811 : Apple
CVE-2015-5812 : Apple
CVE-2015-5813 : Apple
CVE-2015-5814 : Apple
CVE-2015-5815 : Apple
CVE-2015-5816 : Apple
CVE-2015-5817 : Apple
CVE-2015-5818 : Apple
CVE-2015-5819 : Apple
CVE-2015-5821 : Apple
CVE-2015-5822 : Mark S. Miller of Google
CVE-2015-5823 : Apple
WebKit
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10.5 and OS X El Capitan v10.11
Impact: An attacker may be able to create unintended cookies for a
website
Description: WebKit would accept multiple cookies to be set in the
document.cookie API. This issue was addressed through improved
parsing.
CVE-ID
CVE-2015-3801 : Erling Ellingsen of Facebook
WebKit
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10.5 and OS X El Capitan v10.11
Impact: The Performance API may allow a malicious website to leak
browsing history, network activity, and mouse movements
Description: WebKit's Performance API could have allowed a malicious
website to leak browsing history, network activity, and mouse
movements by measuring time. This issue was addressed by limiting
time resolution.
CVE-ID
CVE-2015-5825 : Yossi Oren et al. of Columbia University's Network
Security Lab
WebKit
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10.5 and OS X El Capitan v10.11
Impact: Visiting a malicious website may lead to unintended dialing
Description: An issue existed in handling of tel://, facetime://,
and facetime-audio:// URLs. This issue was addressed through improved
URL handling.
CVE-ID
CVE-2015-5820 : Guillaume Ross, Andrei Neculaesei
WebKit CSS
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10.5 and OS X El Capitan v10.11
Impact: A malicious website may exfiltrate data cross-origin
Description: Safari allowed cross-origin stylesheets to be loaded
with non-CSS MIME types which could be used for cross-origin data
exfiltration. This issue was addressed by limiting MIME types for
cross-origin stylesheets.
CVE-ID
CVE-2015-5826 : filedescriptior, Chris Evans
WebKit JavaScript Bindings
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10.5 and OS X El Capitan v10.11
Impact: Object references may be leaked between isolated origins on
custom events, message events and pop state events
Description: An object leak issue broke the isolation boundary
between origins. This issue was addressed through improved isolation
between origins.
CVE-ID
CVE-2015-5827 : Gildas
WebKit Page Loading
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10.5 and OS X El Capitan v10.11
Impact: WebSockets may bypass mixed content policy enforcement
Description: An insufficient policy enforcement issue allowed
WebSockets to load mixed content. This issue was addressed by
extending mixed content policy enforcement to WebSockets.
Kevin G Jones of Higher Logic
WebKit Plug-ins
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10.5 and OS X El Capitan v10.11
Impact: Safari plugins may send an HTTP request without knowing the
request was redirected
Description: The Safari plugins API did not communicate to plugins
that a server-side redirect had happened. This could lead to
unauthorized requests. This issue was addressed through improved API
support.
CVE-ID
CVE-2015-5828 : Lorenzo Fontana
Safari 9 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJWDB23AAoJEBcWfLTuOo7teGkQAK3KZHfKYeJ6NJP2rdBCeGGE
0zPFtcgjzbHSOG1KB5Q/gHBChmVukmgC/QCCueKmA5TOxXjhuEj2CRpe/+Zf349H
zvfdvU2Q4qM7byOY/q7g77Cae6K/nrnX7FaHRjdREniZUBIsm826o69Qbpeudlns
n4IhPIaUPiq0M+o1EzPgnHWJ1GpHcFD7C0bZ6tSlBea8iJi2Ai9EOZUXaskJg2mx
9tCijYN8IVKGApJT3CiFUHgx9zgDq9vbWJ1spnxwK0IgYd8zhEf18sZZmdAd5szS
bpU1KyFsFRYqRjV4ctTBhj8FnZ4Cjxxq9xXXGNrrlsIXBBRDENNiwUaHhoiYVBjH
mPV76aNQjgImbi2T3gamUFZLSB8IdklMbFXo+HYUX3k4eDis0f/dFRoDb4XWfXiX
168c79nGIc6bDz+7tP7Z7gC9rYCJRdJqHObky+2K1A43Urp1EkgH8oy+a2EbstfY
wvoQ/kUkFsDY3NM4xwa9gqhdYFcJSQy0kfzcZB/LinjLSEBkG/7nu+XuWlrwSavJ
qLvUyUpdP5ei0Scmz8YCymrf2aMG4yZEN4PyUkBPPW2DgNiXgbE5K+8kHnqmUlRF
OJ9+P/2tIED63euI0n1UcrfLOHAEUgZe2jmVfye7BB9KreVh02u/ziFl46Gghdsd
TksTuX7uQIiE70E/qZlh
=FuAM
-----END PGP SIGNATURE-----