Apple Security Advisory 2022-09-12-5 - Safari 16 addresses buffer overflow, code execution, out of bounds read, and spoofing vulnerabilities.
7c9556f5dcc4cf57fb8f21c8c6cd1bdeff9396447e0843a5d5167e823eb1660a-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-09-12-5 Safari 16
Safari 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213442.
Safari Extensions
Available for: macOS Big Sur and macOS Monterey
Impact: A website may be able to track users through Safari web
extensions
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 242278
CVE-2022-32868: Michael
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
WebKit Bugzilla: 241969
CVE-2022-32886: P1umer, afang5472, xmzyshypnc
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
WebKit Bugzilla: 242762
CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with
Trend Micro Zero Day Initiative
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 243236
CVE-2022-32891: @real_as3617, an anonymous researcher
Safari 16 may be obtained from the Mac App Store.
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmMfdgMACgkQ4RjMIDke
Nxk7dRAAgdvFNEmEdfhDdLWbn7ZIdNrxPZDsg1MiCVFyPvPesNRo3Uj+XI2m93E4
U7koTDn7+DE62TjkdNEqOQ0bXpy84uWAcZoZDmGJOt0IQOPwcMf8CMzhj/GytrTt
PCC2IjWDuoJsoQ9lIm71WN3nsfrpO/P4cO04H3Tw4CxFI9Oj0doALGvamf0XVYCN
TyCdw15kQ+WTriI5rnzsE4qqh4vaEKeuyEiZQzR26p3ctpT+inffGz6g9uYgy5AW
v1Kwln7DDSIvYyAcrIyPKqwjsdfD6dmnufKTSUkOHLOpvqx5P/PLQ9f4qv3VXy6c
Bs4eLUUvONzxoo07TB3V3/OsC1eQwDnPugrja5SFTgZUpl9QM7PMijoOar7Y11JL
fMgJArHEDWB4JatejBrgsBps+SU2ozSAaT71hfm77Jb1TSSRDuxX2po2AjiwKOcF
S+T2yJSIgI5nsP9i1RRG3+hN6MOUKKmFxlWxXPLdCO4pG04qdmMOE5HR2bRgQ3/o
gdRb/OYTQkchSlhbpvdF8zO0QZLXh+GeiLxWoygfbQQmv33KeKRlrbKVctyB4HQZ
ZxTi0Tn5pfdnuB2QvGn6b0KZZJlDHkiiNj3grvD5uFSH6H0MV7apLiJ636qEL/Tp
o8PWQgop+KfYatZDVAQMYekpRYwz7oDdFm/i6SYvnP09wx55Ooc=+qsX
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed