exploit the possibilities

Apple Security Advisory 2020-11-13-5

Apple Security Advisory 2020-11-13-5
Posted Nov 13, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-11-13-5 - Safari 14.0 addresses code execution, cross site scripting, out of bounds write, spoofing, and use-after-free vulnerabilities.

tags | advisory, spoof, vulnerability, code execution, xss
systems | apple
advisories | CVE-2020-9947, CVE-2020-9948, CVE-2020-9950, CVE-2020-9951, CVE-2020-9952, CVE-2020-9983, CVE-2020-9987, CVE-2020-9993
MD5 | 4abb2ed024c0733f7aa17e86cafa43b1

Apple Security Advisory 2020-11-13-5

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2020-11-13-5 Additional information for
APPLE-SA-2020-09-16-3 Safari 14.0

Safari 14.0 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT211845.

Safari
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed with improved UI handling.
CVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba,
Piotr Duszynski
Entry added November 12, 2020

Safari
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2020-9987: Rafay Baloch (cybercitadel.com) of Cyber Citadel
Entry added November 12, 2020

WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-9948: Brendan Draper (@6r3nd4n) working with Trend Micro
Zero Day Initiative

WebKit
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9947: cc working with Trend Micro Zero Day Initiative
CVE-2020-9950: cc working with Trend Micro Zero Day Initiative
CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos
Entry updated November 12, 2020

WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)

WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9983: zhunki

Additional recognition

Safari
We would like to acknowledge @PaulosYibelo of Limehats, Ryan Pickren
(ryanpickren.com) for their assistance.
Entry added November 12, 2020

Safari Reader
We would like to acknowledge Zhiyang Zeng(@Wester) of OPPO ZIWU
Security Lab for their assistance.
Entry added November 12, 2020

WebKit
We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan
Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang
Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance.
Entry added November 12, 2020

Installation note:

Safari 14.0 may be obtained from the Mac App Store.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uxmkACgkQZcsbuWJ6
jjC10xAApnFTMOYmt4Y5o7KF5E6OBizR9toCIxwAxr8nRX5/UfPC3aIKv7DFYTP/
JrAlUMM8soZAuytc1dQPXpMgsM71OctsSM92Z06oEVeiN9w1lZ/Bonh8F2R0Sm2Y
upMFk6aHHWt++JfhbYQULNZx9zrT885dmyynLTk5kHB8TRnIqUmtzcpeYWkGkT78
TdMn9w9atcbSbi0Yqybmy+CE3qvm96C8TIQTMj2Qlp04AU0ZAtogZfTwJvPV8LIx
sqHaGRO2hcTchxcWn50edjANOOBK+16QdcqoTKKVZY95RjIFvksD/lAZqMlNIlNR
X5pXr2NfkPRQwMcyAW4YKEJ165TohV/6eiYKJr70BbigWWwfNWhjJiT4drAnd9ii
uO6NI85hLLeF6me28L2RPxO7XuVnu5MXzLzgKR0dprsyoF0yxEcJ6rX56bduggli
lZ+eziUH5ReUw0E3RtIC5u0NSOPjsYuErH0qH0nCTUU6dRNI7u1ZKq44eyGjrdvg
vfNoci5yMnqsp+8D/yjZc2zQZCSEXgMpuNNac1Unv1JFPrypG/N5a2qmqDWi+P/x
Pcbv1TzDS0XwXuwXMgTflj6MY38gbAIpZlZNEyjvxx9r7MUBYEeEW1KMoTtghiaa
kL7XmKJEGZib++TAP4+jZ/6tWjhijdmkx5S+85vi7TV8NbHpn4o=
=EiFD
-----END PGP SIGNATURE-----



Login or Register to add favorites

File Archive:

December 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    22 Files
  • 2
    Dec 2nd
    33 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close