2014 m. gegužės 23 d., penktadienis

APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4

APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4

Safari 6.1.4 and Safari 7.0.4 are now available and address the
following:

WebKit
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-2875 : miaubiz
CVE-2013-2927 : cloudfuzzer
CVE-2014-1323 : banty
CVE-2014-1324 : Google Chrome Security Team
CVE-2014-1326 : Apple
CVE-2014-1327 : Google Chrome Security Team, Apple
CVE-2014-1329 : Google Chrome Security Team
CVE-2014-1330 : Google Chrome Security Team
CVE-2014-1331 : cloudfuzzer
CVE-2014-1333 : Google Chrome Security Team
CVE-2014-1334 : Apple
CVE-2014-1335 : Google Chrome Security Team
CVE-2014-1336 : Apple
CVE-2014-1337 : Apple
CVE-2014-1338 : Google Chrome Security Team
CVE-2014-1339 : Atte Kettunen of OUSPG
CVE-2014-1341 : Google Chrome Security Team
CVE-2014-1342 : Apple
CVE-2014-1343 : Google Chrome Security Team
CVE-2014-1344 : Ian Beer of Google Project Zero
CVE-2014-1731 : an anonymous member of the Blink development
community

WebKit
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact:  A malicious site can send messages to a connected frame or
window in a way that might circumvent the receiver's origin check
Description:  An encoding issue existed in the handling of unicode
characters in URLs. A maliciously crafted URL could have led to
sending an incorrect postMessage origin. This issue was addressed
through improved encoding/decoding.
CVE-ID
CVE-2014-1346 : Erling Ellingsen of Facebook


For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4
and Safari 6.1.4 may be obtained from Mac App Store.

For OS X Lion systems Safari 6.1.4 is available via the Apple
Software Update application.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
Pranešimą parašė ties

Komentarų nėra:

Rašyti komentarą

Užsisakykite: Rašyti komentarus (Atom)