You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa Safari

Sigurnosni nedostaci programskog paketa Safari

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: M
  • Kategorije: APL

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

APPLE-SA-2020-09-16-3 Safari 14.0

Safari 14.0 is now available and addresses the following:

WebKit
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-9948: Brendan Draper (@6r3nd4n) working with Trend Micro
Zero Day Initiative

WebKit
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9951: Marcin ‘Icewall’ Noga of Cisco Talos

WebKit
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)

WebKit
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9983: zhunki

Installation note:

Safari 14.0 may be obtained from the Mac App Store.
—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl9igrIACgkQZcsbuWJ6
jjCpCg/9HrN7CFbJ5xDXcHJdB/nQi4DeMR7Ub39sDRg7fjhUN9hVpAfYe8wqfS/6
CCnegVb/vz2OEo0gFQdp9xvKeVKzzepxjf2KCUNmEaKilY+ERWp5E6Y210GEHwYz
ihwTtLPk76hTupqquxq21IvofUgT0fpUmiLkL5vRucYe5qh963bKM4EJ6wwcJ2SM
b3IkGsiG4L4aOIaQWZ0lpfiDF2RvHwmi4zRdMLGw18mjmufdjmj0UrxoUYjZreu7
AAXYYwo6xozYZ/dSV3a/7QBZZ76kn3g0n3fMrymyKF2p+M3Arj78zX+N0ZsdSR0Y
rIALxZrJR9JEeng+D3V+e+KrFTRAPTPXS5tdnHwrO0IK3LQx3gcmInH3vDLpTDtw
uCr8EFpl54ukYmrvOHIEo+touCl37sneB7J6oC9SWDRB3HyrgCq31r8mDrNOnKbg
RPkdqhW5NYZ14DsBRszutTZcuXZ+V4jVbWIzmI2FADrnc61oQPNhM0gOM/wKdIMs
0BsOufl6NIqIyR613mrkso0fKh7kO5k3Mxrlkbns8/r1ZayjJy8EpWoYkagZzwlH
hFY+JSZDwF35KMa4rxHW67HAuJrQWcNn3NjtGkWg50GqWMPCueiefzOp7jDha1VY
ZxiH8LYs6ptMIkwG6FBUjLO22wu2oXuuiiAjyUCgoWUgQTj8UoQ=
=Z6cg
—–END PGP SIGNATURE—–
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/security-announce/advinp%40cert.hr

This email sent to advinp@cert.hr

AutorBruno Varga
Cert idNCERT-REF-2020-09-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libdbi-perl

Otkriveni su sigurnosni nedostaci programske biblioteke libdbi-perl za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izvršavanje proizvoljnog programskog koda...

Close