-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-05-25-5 Safari 14.1.1 Safari 14.1.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212534. WebKit Available for: macOS Catalina and macOS Mojave Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab, ASU. working with Trend Micro Zero Day Initiative CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative WebKit Available for: macOS Catalina and macOS Mojave Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. CVE-2021-30744: Dan Hite of jsontop WebKit Available for: macOS Catalina and macOS Mojave Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A logic issue was addressed with improved restrictions. CVE-2021-30720: David Schütz (@xdavidhu) WebKit Available for: macOS Catalina and macOS Mojave Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2021-30682: an anonymous researcher and 1lastBr3ath WebKit Available for: macOS Catalina and macOS Mojave Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-21779: Marcin Towalski of Cisco Talos WebKit Available for: macOS Catalina and macOS Mojave Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2021-30689: an anonymous researcher WebKit Available for: macOS Catalina and macOS Mojave Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2021-30663: an anonymous researcher WebRTC Available for: macOS Catalina and macOS Mojave Impact: A remote attacker may be able to cause a denial of service Description: A null pointer dereference was addressed with improved input validation. CVE-2021-23841: Tavis Ormandy of Google CVE-2021-30698: Tavis Ormandy of Google Additional recognition WebKit We would like to acknowledge Chris Salls (@salls) of Makai Security for their assistance. Installation note: This update may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9IACgkQZcsbuWJ6 jjBEaw//cfvBiTZmkDNa2kDjJLMb4J6AmLZMGDGZrE/nJ9kvck9ac4gFZLv0Poz+ PchsZvRelHeadMONH7TbpZlWued9xVn4yQVzO+FPFXmRQgMDPiYwfgP5dnRrfbH0 i3yOiaZuUdo1PKd103CgjpTEc4pJKZpJz5y5PmHIFQxuQt5qynDkSPfrIiszhZ+5 AAh2biUWETDHvPLojVNumhtQOSq/hRXjkOI0+7Foprjg99p2a3TgQeXdgKsuJBpD Y3Q9WmRrPpwaDR8Hs2qO7Vlo1Nhldo060e5UvBsHXORzOu//boAefYXIK9W1ZKeZ fOKkrAnwZXcoU3UM/gcvyEXg2e3jt5I0zOV1tDmyQpRfbhR1QsmbWzWLspoOmsVL CtPh2aS0VYJJ4L6DP+VfdOnwVaTkirHh7LMifZ4UjsEMVz81ODagIj8t5MrDFpyt vI732lWm5whdaBaxmTe/bCxxAAJhPlKawCySQQODfUEh8ll9ByxpNH2NPOpy57QS +HxBK4UuWTPGsF7pkLzeCPoJfCZ0OaaS74WcHFanP/TeR3x5E4rTwuHDqD4ItkfD fVpmVvnyOT+9MKd3Fwopcg8JOM2i96I0G1ptbk4EeYZnQEw2ChU6NDz66AeZwub0 JM43xG0hT7OnUQRm3d9B0su/OzfWQHCCHsZ8WkPxcihUDalDDJg= =CpII -----END PGP SIGNATURE-----