Apple Security Advisory 2016-07-18-5

Posted Jul 19, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-07-18-5 - Safari 9.1.2 is now available and addresses information disclosure, spoofing, and various other vulnerabilities.

tags | advisory, spoof, vulnerability, info disclosure
systems | apple
advisories | CVE-2016-4583, CVE-2016-4584, CVE-2016-4585, CVE-2016-4586, CVE-2016-4587, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591, CVE-2016-4592, CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651
MD5 | f382150af03b8b025eb19940c43f55a4

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-07-18-5 Safari 9.1.2

Safari 9.1.2 is now available and addresses the following:

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a malicious website may disclose image data from
another website
Description: A timing issue existed in the processing of SVG. This
issue was addressed through improved validation.
CVE-2016-4583 : Roeland Krak

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: An origin inheritance issue existed in parsing of
about: URLs. This was addressed through improved validation of
security origins.
CVE-2016-4590 : xisigr of Tencent's Xuanwu
Lab (www.tencent.com)

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4586 : Apple
CVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks
CVE-2016-4622 : Samuel Gross working with Trend Micro's Zero Day
Initiative
CVE-2016-4623 : Apple
CVE-2016-4624 : Apple

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a maliciously crafted website may result in the
disclosure of process memory
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2016-4587 : Apple

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a maliciously crafted webpage may lead to a system
denial of service
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2016-4592 : Mikhail

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a maliciously crafted website may compromise user
information on the file system
Description: A permissions issue existed in the handling of the
location variable. This was addressed through additional ownership
checks.
CVE-2016-4591 : ma.la of LINE Corporation

WebKit JavaScript Bindings
Available for: OS X El Capitan v10.11.6
Impact: Visiting a maliciously crafted website may lead to script
execution in the context of a non-HTTP service
Description: A cross-protocol cross-site scripting (XPXSS) issue
existed in Safari when submitting forms to non-HTTP services
compatible with HTTP/0.9. This issue was addressed by disabling
scripts and plugins on resources loaded over HTTP/0.9.
CVE-2016-4651 : Obscure

WebKit Page Loading
Available for: OS X El Capitan v10.11.6
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4584 : Chris Vienneau

WebKit Page Loading
Available for: OS X El Capitan v10.11.6
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-site scripting issue existed in Safari URL
redirection. This issue was addressed through improved URL validation
on redirection.
CVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions,
Inc. (www.mbsd.jp)

Safari 9.1.2 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
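
The HTTP/0.9 rule described under CVE-2016-4651, sketched as an added example that is not Apple's or WebKit's code: a response with no HTTP/1.x status line is treated as HTTP/0.9 and gets scripts and plugins disabled. The names `classifyResponse`, `STATUS_LINE` and `MIN_DECIDE` and the sample responses are assumptions constructed for illustration.

```javascript
// Added example: decide per response whether active content may run.
// HTTP/1.x status line: "HTTP/<d>.<d> <3-digit code>" followed by a space
// or end of line. Anything else at the start of the stream is HTTP/0.9.
const STATUS_LINE = /^HTTP\/\d\.\d \d{3}( |\r?\n)/;
const MIN_DECIDE = 13; // shortest possible status line, e.g. "HTTP/1.1 200\n"

function classifyResponse(raw, streamEnded = true) {
  // Only the first bytes matter; latin1 maps bytes to characters 1:1.
  const head = Buffer.from(raw).subarray(0, 64).toString('latin1');

  if (STATUS_LINE.test(head)) {
    return { protocol: head.slice(0, 8), allowScripts: true, allowPlugins: true };
  }

  // Partial read that could still grow into a status line: fail closed
  // and wait for more bytes instead of guessing.
  const couldBeStatusLine = 'HTTP/'.startsWith(head.slice(0, 5));
  if (!streamEnded && head.length < MIN_DECIDE && couldBeStatusLine) {
    return { protocol: 'undetermined', allowScripts: false, allowPlugins: false };
  }

  // No status line: headerless HTTP/0.9-style body, which is what a
  // non-HTTP line-based service produces. Render it inert.
  return { protocol: 'HTTP/0.9', allowScripts: false, allowPlugins: false };
}

// Constructed sample responses (not captured traffic).
const SAMPLES = {
  http11: 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<p>hi</p>',
  // A line-based non-HTTP service answering an HTTP request it cannot parse.
  nonHttpService: '500 unknown command: POST / HTTP/1.1\r\n',
  bareBody: '<html>bare body</html>',
  partial: 'HTTP/1.',
};

for (const [name, raw] of Object.entries(SAMPLES)) {
  console.log(name, classifyResponse(raw));
}
```

The same status-line test can run in a proxy or log pipeline to flag browser-initiated connections whose responses carry no status line.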
