what you don't know can hurt you

Apple Security Advisory 2019-5-13-5

Apple Security Advisory 2019-5-13-5
Posted May 14, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-5-13-5 - Safari 12.1.1 is now available and addresses code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8628
MD5 | 21c60aa9fe0305cd661e7babfff726ed

Apple Security Advisory 2019-5-13-5

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2019-5-13-5 Safari 12.1.1

Safari 12.1.1 is now available and addresses the following:

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
included in macOS Mojave 10.14.5
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
included in macOS Mojave 10.14.5
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-6237: G. Geshev working with Trend Micro Zero Day
Initiative, Liu Long of Qihoo 360 Vulcan Team
CVE-2019-8571: 01 working with Trend Micro's Zero Day Initiative
CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_)
of Tencent Keen Lab, and dwfault working at ADLab of Venustech
CVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero
Day Initiative
CVE-2019-8586: an anonymous researcher
CVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security &
Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab
CVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero
Day Initiative
CVE-2019-8596: Wen Xu of SSLab at Georgia Tech
CVE-2019-8597: 01 working with Trend Micro Zero Day Initiative
CVE-2019-8601: Fluoroacetate working with Trend Micro's Zero Day
Initiative
CVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8609: Wen Xu of SSLab, Georgia Tech
CVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative
CVE-2019-8611: Samuel Groß of Google Project Zero
CVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro's
Zero Day Initiative
CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and
Hanqing Zhao of Chaitin Security Research Lab
CVE-2019-8622: Samuel Groß of Google Project Zero
CVE-2019-8623: Samuel Groß of Google Project Zero
CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and
Hanqing Zhao of Chaitin Security Research Lab

Additional recognition

Safari
We would like to acknowledge Michael Ball of Gradescope by Turnitin
for their assistance.

Installation note:

Safari 12.1.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzZrUkpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EGGBAA
jan3x6GxZzcawJskOhoEVDuZTcb19c+K9Q+jHPbG6szt2ChRkpZfN2fX+fqG8q7Y
Itu63uFCfhWMKRbQrwIvzBceEUsNCbgiKNrIJGtEJkmvZjp84ETTjp5WYjMGCTCI
8pe/ij5TtFwJWWXKboO3rVfxfFcfI/67g/wx05l3h2YFoC9Fm52isUkycaAi0siP
M4/nTeoA5BTAuv+7J6ohw5TgcYR8NEENpaVTQcUIMLyO3E/wlRcEoHLRtHnMjR89
CGwZg1/LIF/Ae3hJmg5O9PQMIDU6u8ILi/BVK4LGZ4u3x8Qfvg7fm556J6wBEUuP
YZ2Mne5Gg1ayUGw/glTbpAkP1XFymvPloyC6/41r3b46X/nExXER86RC2uNJNNe3
8doCYGznFWWbsGBAAVrWut0sS80nOyjSpoAifkkhqZEXbo8pyvjqfGVGijwzcKcd
iTdzhpcYahJ1WUIAIXbxjFlHJ8muFxyKrEuqrjnXqM+EjyYP/tu8VOCl2blTOGLP
vPmF6ZBHoP3Dtqk9Z+XNusJFGWo7Nm+HLzXTyQsdbnGu8EnP6ywLHBrmBVu03men
Os4rHHH1zueO42iPnATC60y9jvyFt2ofnQHCkPl7FdWS8Ek9nVgIhtzaLokrSQM7
TZ10USIZOmz/2BQs133z+fA30SgDUNDyMIE47x6x3HI=
=bWtO
-----END PGP SIGNATURE-----


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

August 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    10 Files
  • 2
    Aug 2nd
    8 Files
  • 3
    Aug 3rd
    2 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    79 Files
  • 7
    Aug 7th
    16 Files
  • 8
    Aug 8th
    10 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    6 Files
  • 12
    Aug 12th
    26 Files
  • 13
    Aug 13th
    15 Files
  • 14
    Aug 14th
    19 Files
  • 15
    Aug 15th
    52 Files
  • 16
    Aug 16th
    11 Files
  • 17
    Aug 17th
    1 Files
  • 18
    Aug 18th
    2 Files
  • 19
    Aug 19th
    18 Files
  • 20
    Aug 20th
    19 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close