what you don't know can hurt you

Apple Security Advisory 2020-11-13-5

Apple Security Advisory 2020-11-13-5
Posted Nov 13, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-11-13-5 - Safari 14.0 addresses code execution, cross site scripting, out of bounds write, spoofing, and use-after-free vulnerabilities.

tags | advisory, spoof, vulnerability, code execution, xss
systems | apple
advisories | CVE-2020-9947, CVE-2020-9948, CVE-2020-9950, CVE-2020-9951, CVE-2020-9952, CVE-2020-9983, CVE-2020-9987, CVE-2020-9993
SHA-256 | 811b88f1e5b3d14923a4580f754ecc56118d06fe6387db59e96f29a0e239ef45

Apple Security Advisory 2020-11-13-5

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2020-11-13-5 Additional information for
APPLE-SA-2020-09-16-3 Safari 14.0

Safari 14.0 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT211845.

Safari
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed with improved UI handling.
CVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba,
Piotr Duszynski
Entry added November 12, 2020

Safari
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2020-9987: Rafay Baloch (cybercitadel.com) of Cyber Citadel
Entry added November 12, 2020

WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-9948: Brendan Draper (@6r3nd4n) working with Trend Micro
Zero Day Initiative

WebKit
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9947: cc working with Trend Micro Zero Day Initiative
CVE-2020-9950: cc working with Trend Micro Zero Day Initiative
CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos
Entry updated November 12, 2020

WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)

WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9983: zhunki

Additional recognition

Safari
We would like to acknowledge @PaulosYibelo of Limehats, Ryan Pickren
(ryanpickren.com) for their assistance.
Entry added November 12, 2020

Safari Reader
We would like to acknowledge Zhiyang Zeng(@Wester) of OPPO ZIWU
Security Lab for their assistance.
Entry added November 12, 2020

WebKit
We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan
Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang
Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance.
Entry added November 12, 2020

Installation note:

Safari 14.0 may be obtained from the Mac App Store.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uxmkACgkQZcsbuWJ6
jjC10xAApnFTMOYmt4Y5o7KF5E6OBizR9toCIxwAxr8nRX5/UfPC3aIKv7DFYTP/
JrAlUMM8soZAuytc1dQPXpMgsM71OctsSM92Z06oEVeiN9w1lZ/Bonh8F2R0Sm2Y
upMFk6aHHWt++JfhbYQULNZx9zrT885dmyynLTk5kHB8TRnIqUmtzcpeYWkGkT78
TdMn9w9atcbSbi0Yqybmy+CE3qvm96C8TIQTMj2Qlp04AU0ZAtogZfTwJvPV8LIx
sqHaGRO2hcTchxcWn50edjANOOBK+16QdcqoTKKVZY95RjIFvksD/lAZqMlNIlNR
X5pXr2NfkPRQwMcyAW4YKEJ165TohV/6eiYKJr70BbigWWwfNWhjJiT4drAnd9ii
uO6NI85hLLeF6me28L2RPxO7XuVnu5MXzLzgKR0dprsyoF0yxEcJ6rX56bduggli
lZ+eziUH5ReUw0E3RtIC5u0NSOPjsYuErH0qH0nCTUU6dRNI7u1ZKq44eyGjrdvg
vfNoci5yMnqsp+8D/yjZc2zQZCSEXgMpuNNac1Unv1JFPrypG/N5a2qmqDWi+P/x
Pcbv1TzDS0XwXuwXMgTflj6MY38gbAIpZlZNEyjvxx9r7MUBYEeEW1KMoTtghiaa
kL7XmKJEGZib++TAP4+jZ/6tWjhijdmkx5S+85vi7TV8NbHpn4o=
=EiFD
-----END PGP SIGNATURE-----



Login or Register to add favorites

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close