what you don't know can hurt you

Apple Security Advisory 2016-07-18-5

Apple Security Advisory 2016-07-18-5
Posted Jul 19, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-07-18-5 - Safari 9.1.2 is now available and addresses information disclosure, spoofing, and various other vulnerabilities.

tags | advisory, spoof, vulnerability, info disclosure
systems | apple
advisories | CVE-2016-4583, CVE-2016-4584, CVE-2016-4585, CVE-2016-4586, CVE-2016-4587, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591, CVE-2016-4592, CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651
MD5 | f382150af03b8b025eb19940c43f55a4

Apple Security Advisory 2016-07-18-5

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-07-18-5 Safari 9.1.2

Safari 9.1.2 is now available and addresses the following:

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a malicious website may disclose image data from
another website
Description: A timing issue existed in the processing of SVG. This
issue was addressed through improved validation.
CVE-2016-4583 : Roeland Krak

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: An origin inheritance issue existed in parsing of
about: URLs. This was addressed through improved validation of
security origins.
CVE-2016-4590 : xisigr of Tencent's Xuanwu
Lab (www.tencent.com)

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4586 : Apple
CVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks
CVE-2016-4622 : Samuel Gross working with Trend Microas Zero Day
Initiative
CVE-2016-4623 : Apple
CVE-2016-4624 : Apple

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a maliciously crafted website may result in the
disclosure of process memory
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2016-4587 : Apple

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a maliciously crafted webpage may lead to a system
denial of service
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2016-4592 : Mikhail

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a maliciously crafted website may compromise user
information on the file system
Description: A permissions issue existed in the handling of the
location variable. This was addressed though additional ownership
checks.
CVE-2016-4591 : ma.la of LINE Corporation

WebKit JavaScript Bindings
Available for: OS X El Capitan v10.11.6
Impact: Visiting a maliciously crafted website may lead to script
execution in the context of a non-HTTP service
Description: A cross-protocol cross-site scripting (XPXSS) issue
existed in Safari when submitting forms to non-HTTP services
compatible with HTTP/0.9. This issue was addressed by disabling
scripts and plugins on resources loaded over HTTP/0.9.
CVE-2016-4651 : Obscure

WebKit Page Loading
Available for: OS X El Capitan v10.11.6
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4584 : Chris Vienneau

WebKit Page Loading
Available for: OS X El Capitan v10.11.6
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-site scripting issue existed in Safari URL
redirection. This issue was addressed through improved URL validation
on redirection.
CVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions,
Inc. (www.mbsd.jp)

Safari 9.1.2 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXjXBBAAoJEIOj74w0bLRGvW8QAMqOAKm8CnLcqepi5pjP08WT
DZavcy5OGT/jah0WRuDSLSWgjWDQvGTsuIXvPr0sJp4ZU+KfpLRr/PP4jaHCEAgb
UOf1n42FcVsVdXwNUdyzpEvvRDd3RKzjVDWIi7VAB+dH3sM42C3qPcffJs2+sjOG
EQElvmMfAg4chSSCL6+y3l3uNabMk5oJeXJWICB8d1EtZpe5Epyp8GoYOh/JB2IG
Lt4Rw0rVG8BYYXWe8vJ0vbHSWMEaixQoDzsxFTxZUUCWBl0GqjM/Bjij+TyHf+lc
bb+4zfXPo8WKHad7M9ifl1+s8IzYUmdN3RZ8FFc02M7/i+rU0/HsmuRUxXG6dox3
r9sQKWeWr2xPmiU2pT0XPq95f2iLgt6rAFEfcK0zhLq3QbT5GQh9oyHwjc4c83+H
FGUQ8BrstJIGVRqERxI48kvhiH12PRAilEswFAAr9lJu5X+rmw/glSyYfcslkF49
rDZBAGLEFvCNuwjkAsTelvwiC3tAERhfjh33OENMgS43dVOQfwVpOWolOHN4Tqa4
oLIDzx+0+yVjs/IIAZmTdRLV7yDjat1CRN80FOBHkjuqbD8kL8hU45cvoclUjc6J
n4rOP1EG4SHph+DLfQiRVKbYWjOSOHWb3KMnkx+J5tuSVpe6FT/lpediznhacs+9
ukIIF2wGmuLEumkEjPi3
=2Qoy
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

May 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    14 Files
  • 2
    May 2nd
    3 Files
  • 3
    May 3rd
    1 Files
  • 4
    May 4th
    18 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    21 Files
  • 7
    May 7th
    15 Files
  • 8
    May 8th
    19 Files
  • 9
    May 9th
    1 Files
  • 10
    May 10th
    2 Files
  • 11
    May 11th
    18 Files
  • 12
    May 12th
    39 Files
  • 13
    May 13th
    15 Files
  • 14
    May 14th
    17 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    2 Files
  • 17
    May 17th
    2 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    21 Files
  • 20
    May 20th
    15 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    6 Files
  • 23
    May 23rd
    1 Files
  • 24
    May 24th
    1 Files
  • 25
    May 25th
    2 Files
  • 26
    May 26th
    23 Files
  • 27
    May 27th
    13 Files
  • 28
    May 28th
    18 Files
  • 29
    May 29th
    17 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close