Safari 10.0.2 is now available and addresses the following:
Safari Reader
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-7650: Erling Ellingsen
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4692: Apple
CVE-2016-7635: Apple
CVE-2016-7652: Apple
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4743: Alan Cutter
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Processing maliciously crafted web content may result in the
disclosure of user information
Description: A validation issue was addressed through improved state
management.
CVE-2016-7586: Boris Zbarsky
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-7587: Adam Klein
CVE-2016-7610: Zheng Huang of the Baidu Security Lab working with
Trend Micro's Zero Day Initiative
CVE-2016-7611: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2016-7639: Tongbo Luo of Palo Alto Networks
CVE-2016-7640: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7641: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7642: Tongbo Luo of Palo Alto Networks
CVE-2016-7645: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7646: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7648: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7649: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7654: Keen Lab working with Trend Micro's Zero Day
Initiative
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
state management.
CVE-2016-7589: Apple
CVE-2016-7656: Keen Lab working with Trend Micro's Zero Day
Initiative
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Processing maliciously crafted web content may compromise
user information
Description: An issue existed in handling of JavaScript prompts. This
was addressed through improved state management.
CVE-2016-7592: xisigr of Tencent's Xuanwu Lab
(tencent.com)
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An uninitialized memory access issue was addressed
through improved memory initialization.
CVE-2016-7598: Samuel Groß
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Processing maliciously crafted web content may result in the
disclosure of user information
Description: An issue existed in the handling of HTTP redirects. This
issue was addressed through improved cross origin validation.
CVE-2016-7599: Muneaki Nishimura (nishimunea) of Recruit Technologies
Co., Ltd.
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Visiting a maliciously crafted website may compromise user
information
Description: An issue existed in the handling of blob URLs. This
issue was addressed through improved URL handling.
CVE-2016-7623: xisigr of Tencent's Xuanwu Lab
(tencent.com)
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.1
Impact: Visiting a maliciously crafted webpage may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through improved
state management.
CVE-2016-7632: Jeonghoon Shin
Safari 10.0.2 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/
Komentarų nėra:
Rašyti komentarą