what you don't know can hurt you

Apple Security Advisory 2019-10-29-5

Apple Security Advisory 2019-10-29-5
Posted Nov 1, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-10-29-5 - Safari 13.0.3 is now available and addresses code execution and cross site scripting vulnerabilities.

tags | advisory, vulnerability, code execution, xss
systems | apple
advisories | CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823
MD5 | f49545b2ea44a8e739b76d721d1b536d

Apple Security Advisory 2019-10-29-5

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2019-10-29-5 Safari 13.0.3

Safari 13.0.3 is now available and addresses the following:

WebKit
Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6,
and included in macOS Catalina 10.15.1
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2019-8813: an anonymous researcher

WebKit
Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6,
and included in macOS Catalina 10.15.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8782: Cheolung Lee of LINE+ Security Team
CVE-2019-8783: Cheolung Lee of LINE+ Graylab Security Team
CVE-2019-8808: found by OSS-Fuzz
CVE-2019-8811: Soyeon Park of SSLab at Georgia Tech
CVE-2019-8812: an anonymous researcher
CVE-2019-8814: Cheolung Lee of LINE+ Security Team
CVE-2019-8816: Soyeon Park of SSLab at Georgia Tech
CVE-2019-8819: Cheolung Lee of LINE+ Security Team
CVE-2019-8820: Samuel GroƟ of Google Project Zero
CVE-2019-8821: Sergei Glazunov of Google Project Zero
CVE-2019-8822: Sergei Glazunov of Google Project Zero
CVE-2019-8823: Sergei Glazunov of Google Project Zero

WebKit Process Model
Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6,
and included in macOS Catalina 10.15.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8815: Apple

Additional recognition

WebKit
We would like to acknowledge Dlive of Tencent's Xuanwu Lab and Zhiyi
Zhang of Codesafe Team of Legendsec at Qi'anxin Group for their
assistance.

Installation note:

Safari 13.0.3 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24p5UpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQBz4uGe3y0M1LAg//
fHUCPO59afw9n4DzZeFXpudIfkl/loz/UHJ8EpOf8KljSq0krbwAgY94o3brfpz1
Q9fZPWIfVJcijR2DdxA9qm2SKvzd5Z7mIpIJ1TBVGpU5Zi9iiqwincK8Q08HVMeP
k6/Ue5VV5GTPEdhaDMPTHooMIPiUg/i7NV6PJHcLf6xEGSmOsVOCgmfho9Nt1ZXr
eiUXJ7RG/4hmubbUUUNhBXLRy1dPHZYjweP5MJdezQitYSgHC/XBPktqRWqOblLT
XLppf+lX3957KoqoM2nxQ+UqF/ohIclYvBw5hgoqm4pTcNscixgoVfb+eyBtR2YB
n7Y4D0IBjDcqEiix6QmhqRGGgf8rH/2qCdIEcTIGffYBZngQMUWlc2x/MebiACkW
/jVun5wSILGVMd/qa9ol8gsH//lr23/BE4hD0pcD1JK49T4Zp66JzHLShiQ5sqQt
6AT2axARGOeyaLNFVVrJvxaEqeM1nhYvJw37X82qSr+8YGOrznG0sUJdaISbi6bz
v/YwV6Ek/6CTOMaTg1Xpgk50icAQm2cNnfBmnM/CEkUqS627Z/Y8RzKU+PFrlhuC
1AIrpyat47AdFUhJ+nbP29qfR8ANu0/GcLJPnC9aYqWftneI+V6hhs/9IvY+QQJS
9sWndqDp8uSKoG84352ubxPZNlBGAYOjwAZ3LvaO4tA=
=8wFb
-----END PGP SIGNATURE-----


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    27 Files
  • 14
    Nov 14th
    22 Files
  • 15
    Nov 15th
    18 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close