Apple Security Advisory 2017-05-15-7

Posted May 16, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-05-15-7 - Safari 10.1.1 is now available and addresses denial of service, spoofing, code execution, and various other vulnerabilities.

tags | advisory, denial of service, spoof, vulnerability, code execution
systems | apple
advisories | CVE-2017-2495, CVE-2017-2496, CVE-2017-2499, CVE-2017-2500, CVE-2017-2504, CVE-2017-2505, CVE-2017-2506, CVE-2017-2508, CVE-2017-2510, CVE-2017-2511, CVE-2017-2514, CVE-2017-2515, CVE-2017-2521, CVE-2017-2525, CVE-2017-2526, CVE-2017-2528, CVE-2017-2530, CVE-2017-2531, CVE-2017-2536, CVE-2017-2538, CVE-2017-2539, CVE-2017-2544, CVE-2017-2547, CVE-2017-2549, CVE-2017-6980, CVE-2017-6984
MD5 | 725655eec756ea4992a71043d722719d

APPLE-SA-2017-05-15-7 Safari 10.1.1

Safari 10.1.1 is now available and addresses the following:

Safari
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Visiting a maliciously crafted webpage may lead to an
application denial of service
Description: An issue in Safari's history menu was addressed through
improved memory handling.
CVE-2017-2495: Tubasa Iinuma (@llamakko_cafe) of Gehirn Inc.

Safari
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-2500: Zhiyang Zeng and Yuyang Zhou of Tencent Security
Platform Department
CVE-2017-2511: Zhiyang Zeng of Tencent Security Platform Department

WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-2496: Apple
CVE-2017-2505: lokihardt of Google Project Zero
CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with
Trend Micro's Zero Day Initiative
CVE-2017-2514: lokihardt of Google Project Zero
CVE-2017-2515: lokihardt of Google Project Zero
CVE-2017-2521: lokihardt of Google Project Zero
CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab
(tencent.com) working with Trend Micro's Zero Day Initiative
CVE-2017-2526: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab
(tencent.com) working with Trend Micro's Zero Day Initiative
CVE-2017-2530: Wei Yuan of Baidu Security Lab
CVE-2017-2531: lokihardt of Google Project Zero
CVE-2017-2538: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2539: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2544: 360 Security (@mj0011sec) working with Trend Micro's
Zero Day Initiative
CVE-2017-2547: lokihardt of Google Project Zero,
Team Sniper (Keen Lab and PC Mgr) working with Trend Micro's Zero Day
Initiative
CVE-2017-6980: lokihardt of Google Project Zero
CVE-2017-6984: lokihardt of Google Project Zero

WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit Editor
commands. This issue was addressed with improved state management.
CVE-2017-2504: lokihardt of Google Project Zero

WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit
container nodes. This issue was addressed with improved state
management.
CVE-2017-2508: lokihardt of Google Project Zero

WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of pageshow
events. This issue was addressed with improved state management.
CVE-2017-2510: lokihardt of Google Project Zero

WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit cached
frames. This issue was addressed with improved state management.
CVE-2017-2528: lokihardt of Google Project Zero

WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-2536: Samuel Groß and Niklas Baumstark working with Trend
Micro's Zero Day Initiative

WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in frame loading. This issue was
addressed with improved state management.
CVE-2017-2549: lokihardt of Google Project Zero

WebKit Web Inspector
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: An application may be able to execute unsigned code
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2499: George Dan (@theninjaprawn)

Installation note:

Safari 10.1.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/