-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2023-03-27-8 Safari 16.4 Safari 16.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213671. WebKit Available for: macOS Big Sur and macOS Monterey Impact: Processing maliciously crafted web content may bypass Same Origin Policy Description: This issue was addressed with improved state management. WebKit Bugzilla: 248615 CVE-2023-27932: an anonymous researcher WebKit Available for: macOS Big Sur and macOS Monterey Impact: A website may be able to track sensitive user information Description: The issue was addressed by removing origin information. WebKit Bugzilla: 250837 CVE-2023-27954: an anonymous researcher Additional recognition CFNetwork We would like to acknowledge an anonymous researcher for their assistance. WebKit We would like to acknowledge an anonymous researcher for their assistance. WebKit Web Inspector We would like to acknowledge Dohyun Lee (@l33d0hyun) and crixer (@pwning_me) of SSD Labs for their assistance. Safari 16.4 may be obtained from the Mac App Store. All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQiHn4ACgkQ4RjMIDke NxnzuA//R6r9YrqrgdWro+Why6ihvWKdVIBgEVu93nNfgd34+HLkRKsr00xH0hNw kDvjtfPpCeuQB61VtVO6dCEPHLJICqEyOeqHoIDYvKwAoH830u3S4vWA6ozJpBmd CCI+5tF9qAZWb+O0ED+hyU31z/+0s+gTGUjp7dhAnKJ6jKQOjSwWG4+YEgJA6wGG oOC8dXGTWMHQJsDyxliGC/FQVo6cyWtbZiwWB9QYKP48yIldrRWJz75xOUWYOjWe GYZ+vNDaOIi+/YHRHRYf/RY7Fdigur5rsWtzK/0v1T/n3t2kwe6WZkF4HdKFHRXL KSw1fogSQh1BncUXlVfkn3BMPoEOUxHkhtawdKkewK+W8ZTC2mq+YwrJ26YZMTmU 5Nvgua4gxm2gb8LupcaXxt+o/nIbbTWyNx6rEyskWMxw6jZksBwgdDk2pSrUtmWh d2VnkbUjoLXbP7uqSrf2gqd6drAVrHUlmEHLVAXCG60mhWNzCxr2M+DG2RZ0RLgJ DMy2O4zxdzWZxkRJE86LchYz8zToQD7eQXm3zMQTGdSZoJXr3NxVGwdCaCGdhGAA ckJV7nHybrVGQXdo5EeNuxKeiyJMimGGIDpQmHrrf+PgeL7zKi9e4KwyyobAmvZn lw86QALA/97AKbSQthqHlDnv+inUrdwH1TWcurtCkjeRHgkhif8= =o24C -----END PGP SIGNATURE-----