exploit the possibilities

Apple Security Advisory 2016-07-18-5

Apple Security Advisory 2016-07-18-5
Posted Jul 19, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-07-18-5 - Safari 9.1.2 is now available and addresses information disclosure, spoofing, and various other vulnerabilities.

tags | advisory, spoof, vulnerability, info disclosure
systems | apple
advisories | CVE-2016-4583, CVE-2016-4584, CVE-2016-4585, CVE-2016-4586, CVE-2016-4587, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591, CVE-2016-4592, CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651
MD5 | f382150af03b8b025eb19940c43f55a4

Apple Security Advisory 2016-07-18-5

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-07-18-5 Safari 9.1.2

Safari 9.1.2 is now available and addresses the following:

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a malicious website may disclose image data from
another website
Description: A timing issue existed in the processing of SVG. This
issue was addressed through improved validation.
CVE-2016-4583 : Roeland Krak

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: An origin inheritance issue existed in parsing of
about: URLs. This was addressed through improved validation of
security origins.
CVE-2016-4590 : xisigr of Tencent's Xuanwu
Lab (www.tencent.com)

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4586 : Apple
CVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks
CVE-2016-4622 : Samuel Gross working with Trend Microas Zero Day
Initiative
CVE-2016-4623 : Apple
CVE-2016-4624 : Apple

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a maliciously crafted website may result in the
disclosure of process memory
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2016-4587 : Apple

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a maliciously crafted webpage may lead to a system
denial of service
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2016-4592 : Mikhail

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a maliciously crafted website may compromise user
information on the file system
Description: A permissions issue existed in the handling of the
location variable. This was addressed though additional ownership
checks.
CVE-2016-4591 : ma.la of LINE Corporation

WebKit JavaScript Bindings
Available for: OS X El Capitan v10.11.6
Impact: Visiting a maliciously crafted website may lead to script
execution in the context of a non-HTTP service
Description: A cross-protocol cross-site scripting (XPXSS) issue
existed in Safari when submitting forms to non-HTTP services
compatible with HTTP/0.9. This issue was addressed by disabling
scripts and plugins on resources loaded over HTTP/0.9.
CVE-2016-4651 : Obscure

WebKit Page Loading
Available for: OS X El Capitan v10.11.6
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4584 : Chris Vienneau

WebKit Page Loading
Available for: OS X El Capitan v10.11.6
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-site scripting issue existed in Safari URL
redirection. This issue was addressed through improved URL validation
on redirection.
CVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions,
Inc. (www.mbsd.jp)

Safari 9.1.2 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXjXBBAAoJEIOj74w0bLRGvW8QAMqOAKm8CnLcqepi5pjP08WT
DZavcy5OGT/jah0WRuDSLSWgjWDQvGTsuIXvPr0sJp4ZU+KfpLRr/PP4jaHCEAgb
UOf1n42FcVsVdXwNUdyzpEvvRDd3RKzjVDWIi7VAB+dH3sM42C3qPcffJs2+sjOG
EQElvmMfAg4chSSCL6+y3l3uNabMk5oJeXJWICB8d1EtZpe5Epyp8GoYOh/JB2IG
Lt4Rw0rVG8BYYXWe8vJ0vbHSWMEaixQoDzsxFTxZUUCWBl0GqjM/Bjij+TyHf+lc
bb+4zfXPo8WKHad7M9ifl1+s8IzYUmdN3RZ8FFc02M7/i+rU0/HsmuRUxXG6dox3
r9sQKWeWr2xPmiU2pT0XPq95f2iLgt6rAFEfcK0zhLq3QbT5GQh9oyHwjc4c83+H
FGUQ8BrstJIGVRqERxI48kvhiH12PRAilEswFAAr9lJu5X+rmw/glSyYfcslkF49
rDZBAGLEFvCNuwjkAsTelvwiC3tAERhfjh33OENMgS43dVOQfwVpOWolOHN4Tqa4
oLIDzx+0+yVjs/IIAZmTdRLV7yDjat1CRN80FOBHkjuqbD8kL8hU45cvoclUjc6J
n4rOP1EG4SHph+DLfQiRVKbYWjOSOHWb3KMnkx+J5tuSVpe6FT/lpediznhacs+9
ukIIF2wGmuLEumkEjPi3
=2Qoy
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close