-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-07-15-5 Safari 13.1.2 Safari 13.1.2 is now available and addresses the following: Safari Downloads Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode Description: A logic issue was addressed with improved restrictions. CVE-2020-9912: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com) Safari Login AutoFill Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: A malicious attacker may cause Safari to suggest a password for the wrong domain Description: A logic issue was addressed with improved restrictions. CVE-2020-9903: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com) Safari Reader Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy Description: A logic issue was addressed with improved restrictions. CVE-2020-9911: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com) WebKit Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative WebKit Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. CVE-2020-9915: an anonymous researcher WebKit Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2020-9925: an anonymous researcher WebKit Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative CVE-2020-9895: Wen Xu of SSLab, Georgia Tech WebKit Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: Multiple issues were addressed with improved logic. CVE-2020-9910: Samuel Groß of Google Project Zero WebKit Page Loading Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: A malicious attacker may be able to conceal the destination of a URL Description: A URL Unicode encoding issue was addressed with improved state management. CVE-2020-9916: Rakesh Mane (@RakeshMane10) WebKit Web Inspector Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: Copying a URL from Web Inspector may lead to command injection Description: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. CVE-2020-9862: Ophir Lojkine (@lovasoa) Installation note: Safari 13.1.2 may be obtained from the Mac App Store. -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl8PNx4ACgkQBz4uGe3y 0M2+ZQ/7ByKUtmzMw18WfXzQZlxvfEulMz/QgCiHe1VvmHh1OuMspM9Et3AIVnZP wU1IfSeOKp9y62L8pPAU1mg/BnqXx2vNsoDrZq7dcPYIDTrfGsZQRrYy66E2VA9P TQyIeY8ZWXG8jKJ4kBczu/hmy+q+0HVNlZcU4Q4PsjkE0p53DzSSuPgBbqN5fXlr fbZthRYEa1jXfI/om7NLYAu9rLw/2ngXZjI1PR3m4iRbNBG4gqXXQ7Sl5xVz4oDv Nb6PbR8LTQCdmLaq8gXfc4koEnCsFK1k1194nXgYg88hlbT/zqO55Fiofw9y70aK NC0JJFznC3DT5wgZHE9j5/g1USrC34OTZNenipud4VWFm2gTamgGe7c0Bji3NLeG buHa13M7Z2PpGmB/fszdipj8iLvm3uRZjVJtHDOxmuztriTFwpytk2TwlzayW+/v l4knuEohMnHQljRsQgLC9jzs2/udAXWxW7lv7FNGlfnxHJVY+cC9vNl7PPeGNaed 4khxlLZUn2Bc5gog8GZv0ryuWLvmlo4XVkZSnrsOXHlP0oseSJntz9/GxcAgCRww PoFu8DOc9f6orbNsQEF3ZbCyXVG/EwSKOmQPtP1ihv+yjamDGw8yNd61/qqDvwIT db5tmKrslK49r8jkup7RuiKpgRgXI29dws+qwIV4808FNZQaYzU= =hpCf -----END PGP SIGNATURE-----