what you don't know can hurt you

Apple Security Advisory 2019-10-29-5

Apple Security Advisory 2019-10-29-5
Posted Nov 1, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-10-29-5 - Safari 13.0.3 is now available and addresses code execution and cross site scripting vulnerabilities.

tags | advisory, vulnerability, code execution, xss
systems | apple
advisories | CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823
MD5 | f49545b2ea44a8e739b76d721d1b536d

Apple Security Advisory 2019-10-29-5

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2019-10-29-5 Safari 13.0.3

Safari 13.0.3 is now available and addresses the following:

WebKit
Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6,
and included in macOS Catalina 10.15.1
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2019-8813: an anonymous researcher

WebKit
Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6,
and included in macOS Catalina 10.15.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8782: Cheolung Lee of LINE+ Security Team
CVE-2019-8783: Cheolung Lee of LINE+ Graylab Security Team
CVE-2019-8808: found by OSS-Fuzz
CVE-2019-8811: Soyeon Park of SSLab at Georgia Tech
CVE-2019-8812: an anonymous researcher
CVE-2019-8814: Cheolung Lee of LINE+ Security Team
CVE-2019-8816: Soyeon Park of SSLab at Georgia Tech
CVE-2019-8819: Cheolung Lee of LINE+ Security Team
CVE-2019-8820: Samuel GroƟ of Google Project Zero
CVE-2019-8821: Sergei Glazunov of Google Project Zero
CVE-2019-8822: Sergei Glazunov of Google Project Zero
CVE-2019-8823: Sergei Glazunov of Google Project Zero

WebKit Process Model
Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6,
and included in macOS Catalina 10.15.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8815: Apple

Additional recognition

WebKit
We would like to acknowledge Dlive of Tencent's Xuanwu Lab and Zhiyi
Zhang of Codesafe Team of Legendsec at Qi'anxin Group for their
assistance.

Installation note:

Safari 13.0.3 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24p5UpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQBz4uGe3y0M1LAg//
fHUCPO59afw9n4DzZeFXpudIfkl/loz/UHJ8EpOf8KljSq0krbwAgY94o3brfpz1
Q9fZPWIfVJcijR2DdxA9qm2SKvzd5Z7mIpIJ1TBVGpU5Zi9iiqwincK8Q08HVMeP
k6/Ue5VV5GTPEdhaDMPTHooMIPiUg/i7NV6PJHcLf6xEGSmOsVOCgmfho9Nt1ZXr
eiUXJ7RG/4hmubbUUUNhBXLRy1dPHZYjweP5MJdezQitYSgHC/XBPktqRWqOblLT
XLppf+lX3957KoqoM2nxQ+UqF/ohIclYvBw5hgoqm4pTcNscixgoVfb+eyBtR2YB
n7Y4D0IBjDcqEiix6QmhqRGGgf8rH/2qCdIEcTIGffYBZngQMUWlc2x/MebiACkW
/jVun5wSILGVMd/qa9ol8gsH//lr23/BE4hD0pcD1JK49T4Zp66JzHLShiQ5sqQt
6AT2axARGOeyaLNFVVrJvxaEqeM1nhYvJw37X82qSr+8YGOrznG0sUJdaISbi6bz
v/YwV6Ek/6CTOMaTg1Xpgk50icAQm2cNnfBmnM/CEkUqS627Z/Y8RzKU+PFrlhuC
1AIrpyat47AdFUhJ+nbP29qfR8ANu0/GcLJPnC9aYqWftneI+V6hhs/9IvY+QQJS
9sWndqDp8uSKoG84352ubxPZNlBGAYOjwAZ3LvaO4tA=
=8wFb
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close