Exploit the possiblities

Apple Security Advisory 2017-07-19-5

Apple Security Advisory 2017-07-19-5
Posted Jul 21, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-07-19-5 - Safari 10.1.2 is now available and addresses spoofing, cross origin, and various other vulnerabilities.

tags | advisory, spoof, vulnerability
systems | apple
advisories | CVE-2017-7006, CVE-2017-7011, CVE-2017-7012, CVE-2017-7018, CVE-2017-7019, CVE-2017-7020, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7038, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7046, CVE-2017-7048, CVE-2017-7049, CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7059, CVE-2017-7060, CVE-2017-7061, CVE-2017-7064
MD5 | 1ed95c0427dc5589003399ef7858d3bd

Apple Security Advisory 2017-07-19-5

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-5 Safari 10.1.2

Safari 10.1.2 is now available and addresses the following:

Safari
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12.6
Impact: Processing maliciously crafted web content may lead to an
infinite number of print dialogs
Description: An issue existed where a malicious or compromised
website could show infinite print dialogs and make users believe
their browser was locked. The issue was addressed through throttling
of print dialogs.
CVE-2017-7060: Travis Kelley of City of Mishawaka, Indiana

WebKit
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12.6
Impact: A malicious website may exfiltrate data cross-origin
Description: Processing maliciously crafted web content may allow
cross-origin data to be exfiltrated by using SVG filters to conduct a
timing side-channel attack. This issue was addressed by not painting
the cross-origin buffer into the frame that gets filtered.
CVE-2017-7006: David Kohlbrenner of UC San Diego, an anonymous
researcher

WebKit
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12.6
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A state management issue was addressed with improved
frame handling.
CVE-2017-7011: xisigr of Tencent's Xuanwu Lab (tencent.com)

WebKit
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12.6
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7018: lokihardt of Google Project Zero
CVE-2017-7020: likemeng of Baidu Security Lab
CVE-2017-7030: chenqin of Ant-financial Light-Year Security Lab
(eeeaea*'ae-aa1'a(r)a"a(r)eaa(r)$?)
CVE-2017-7034: chenqin of Ant-financial Light-Year Security Lab
(eeeaea*'ae-aa1'a(r)a"a(r)eaa(r)$?)
CVE-2017-7037: lokihardt of Google Project Zero
CVE-2017-7039: Ivan Fratric of Google Project Zero
CVE-2017-7040: Ivan Fratric of Google Project Zero
CVE-2017-7041: Ivan Fratric of Google Project Zero
CVE-2017-7042: Ivan Fratric of Google Project Zero
CVE-2017-7043: Ivan Fratric of Google Project Zero
CVE-2017-7046: Ivan Fratric of Google Project Zero
CVE-2017-7048: Ivan Fratric of Google Project Zero
CVE-2017-7052: cc working with Trend Micro's Zero Day Initiative
CVE-2017-7055: The UK's National Cyber Security Centre (NCSC)
CVE-2017-7056: lokihardt of Google Project Zero
CVE-2017-7061: lokihardt of Google Project Zero

WebKit
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12.6
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2017-7064: lokihardt of Google Project Zero

WebKit
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12.6
Impact: Processing maliciously crafted web content with DOMParser may
lead to cross site scripting
Description: A logic issue existed in the handling of DOMParser. This
issue was addressed with improved state management.
CVE-2017-7038: Neil Jenkins of FastMail Pty Ltd, Egor Karbutov
(@ShikariSenpai) of Digital Security and Egor Saltykov
(@ansjdnakjdnajkd) of Digital Security
CVE-2017-7059: an anonymous researcher

WebKit
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12.6
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-7049: Ivan Fratric of Google Project Zero

WebKit Page Loading
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12.6
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7019: Zhiyang Zeng of Tencent Security Platform Department

WebKit Web Inspector
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12.6
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7012: Apple

Installation note:

Safari 10.1.2 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJZb5VSAAoJEIOj74w0bLRGu+8QAJFXygjh/tXHHRgutWMJ8oVt
HGnjco28J9CE15LWYGc40imbEd+QQyAa3zOLwLqIgJ3HUJ2GCrazFiffNa3VQ0BL
wraZmXFO9JuC4w25sniApMqxjiGj8SWWelgZTkWJHIfKQi5D1EvB/6FLILIUVdUM
v0qH1CtDzsMnO09hoAMDlW8AU5DdWqClb7mV6xENvHbpSvlvD8Z/eNmUxjcY2ANz
s2vcplw9i/Ub3Hyx+U1BznPZrGr0X1H5XmIQZ7SL4OYPi6lF0ykzqjcVkIO05r7u
y+a+2wVA+4f51n9zLXbg/vCmwiXTOdyQ4MoAaeZcv09e+fxgmjbKvjDt4275ufV5
67icnaMdQLlcXdQOnEsg/92NdcoXBDyVRwJiXyGldRWZhtmJRmEebiQtUshlN72q
RtNjxYvXvMIBGxWKZDWP3+4DvGYF9n9TsJUboIS7WuG5GwmjiCj/j/HsNVvTIVhr
TWUxuJeZFYUdPzq0yP7JmDZT4rWO4ckHZNW4UIKqhUKGNm6abTajQCifextqVWNx
fIKL6H0LzmwmR5jXkFHAY2Ki/qePNNS7MYoVMGCdTnA2492MGhPvnaVsHOOPUK88
DNNonfAHH7WRJTW6JVl/Y3fxGo0vYZdI7lgnXKEbYrMrebtx65Qgfa2iHqey3q7N
vbPy12ncIWblI58V+3Re
=6kNI
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    42 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close