—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

APPLE-SA-2014-04-01-1 Safari 6.1.3 and Safari 7.0.3

Safari 6.1.3 and Safari 7.0.3 are now available and address the
following:

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-2871 : miaubiz
CVE-2013-2926 : cloudfuzzer
CVE-2013-2928 : Google Chrome Security Team
CVE-2013-6625 : cloudfuzzer
CVE-2014-1289 : Apple
CVE-2014-1290 : ant4g0nist (SegFault) working with HP’s Zero Day
Initiative, Google Chrome Security Team
CVE-2014-1291 : Google Chrome Security Team
CVE-2014-1292 : Google Chrome Security Team
CVE-2014-1293 : Google Chrome Security Team
CVE-2014-1294 : Google Chrome Security Team
CVE-2014-1298 : Google Chrome Security Team
CVE-2014-1299 : Google Chrome Security Team, Apple, Renata Hodovan of
University of Szeged / Samsung Electronics
CVE-2014-1300 : Ian Beer of Google Project Zero working with HP’s
Zero Day Initiative
CVE-2014-1301 : Google Chrome Security Team
CVE-2014-1302 : Google Chrome Security Team, Apple
CVE-2014-1303 : KeenTeam working with HP’s Zero Day Initiative
CVE-2014-1304 : Apple
CVE-2014-1305 : Apple
CVE-2014-1307 : Google Chrome Security Team
CVE-2014-1308 : Google Chrome Security Team
CVE-2014-1309 : cloudfuzzer
CVE-2014-1310 : Google Chrome Security Team
CVE-2014-1311 : Google Chrome Security Team
CVE-2014-1312 : Google Chrome Security Team
CVE-2014-1313 : Google Chrome Security Team
CVE-2014-1713 : VUPEN working with HP’s Zero Day Initiative

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2
Impact: An attacker running arbitary code in the WebProcess may be
able to read arbitrary files despite sandbox restrictions
Description: A logic issue existed in the handling of IPC messages
from the WebProcess. This issue was addressed through additional
validation of IPC messages.
CVE-ID
CVE-2014-1297 : Ian Beer of Google Project Zero

For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.3
and Safari 6.1.3 may be obtained from Mac App Store.

For OS X Lion systems Safari 6.1.3 is available via the Apple
Software Update application.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

—–BEGIN PGP SIGNATURE—–
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools – http://gpgtools.org

iQIcBAEBAgAGBQJTOwlLAAoJEPefwLHPlZEwmPYP/AoGVbrVVEQfbWZ/OMER6jCR
bDN4ykWdExJFRKr972tsirke9mLrDX1Flqg3jYpqrna6lWsZxk1wA/IXy4TRG97O
mpA75r7853lCJ482h5XImTdv6wWqMfTTNR1YzsK+TCLZA3sDlByQ4yshwGWhOf1Q
nY+hPpaC05PEmPeNKMWw6PA9IgA9e84uy0b/3+c2acOUZ9aAYEXmydPySY+5uYLa
ecXjvee83LVTu8Pq2/C9yCJ1kI1EMix6Q3CTb2Cv/Dtgu1q7rZMG7qKieFpMKO2J
xM7RYm1qPNlZ4hf+ZPX+D4+k6g2sZMqYdocdG1qXubk8m314CinHajdsZH9jXDHO
01gnYeMRp2IUBJlClQ7mPyIveJqJV9XpzvMTciuTVEuhzWhMaazzly8dp+8NCu4Q
QShPJKqAq16ACJqqOarwo8xaSumZ3UcKhVrD0Gxo1/dhzO1Hy52yo7WrWLaOVH89
bXPeVMfYIF0V9xysbixNmBIEro0mYDuor/XlXBFicZAjmyGEVE04K4UjenMeDoYO
/1A2zaVyM9MD50y+X/rFErtz2cj7uNcZ1XSNqPdGameoti5WvvoRbKs/D/H7E8bX
p8JDoVJoy46fOBfwNv6eaQYTGYzgtdoEtmTKL3zDauQC1bxI1Jwtma07S97D2SyJ
urMcI/V2h8JnGD4sS/7L
=kHuK
—–END PGP SIGNATURE—–

—–BEGIN PGP SIGNATURE—–
Comment: GPGTools – http://gpgtools.org

iQIcBAEBAgAGBQJTOzs9AAoJEPefwLHPlZEwu5cQAIEyusMsAomboD1wJ6y0qhaF
JUefIANL8rBOVESRb53pg9v3AR8xzwc1P49bEeMGse84r2gI05NAmvN/DPhzBFO/
GX8oCuj6+uYcdi2Du3L6SqOHEFGmxA+9jwBPfOi7makFClGnlZSgLTqyTAXWwbSz
lDcbNo64YAuWTDeJ+Gk26RE9lP27cJ7E/g1UYhK8FS6qZ/dyQjQtDep4BamHGCtB
G1Jo+zVxVcD1xZVejAFgPSV/+8paCXwQeSJ4vfb5CjH1kwdsE9dx7DLjo9gXcmrm
lqnqtCKh24mgbAQ54V732uEVl5K8FNHULPANy6rfI4uMAlj76jH8rDIWZ9ZPIIOy
yFf2YKpQTPKIIX4Ipctm/AZDNZiVkzwozItr5oYItCGD0zkUr2r+l2laMxA7oraN
4qYonMEHWMFQRnLnNNMwzu7K2dfNqvBaeWC12vWJg4+tnol3KzLbYuf0t2QsXna6
UfHoY2lz9dnYCIbjJif5FQCRnbdF7okf//rIR/CEN9JRGp1khQiKa63jN+zENFwz
DhJTPDqxlkNRE+ORDLYPxwTuoEBbBZ3Ks9zOfn8j1sL2vVTmaW3GndAtH4woSGih
xwp4sZNJ5Xfddy+ms0OgrUlbQjEseNh2kJTKGb4KukjzpXJUq1bmKQ0qhN9i93Uh
dMxlpQ2cJ2iOAXQrz4Rz
=Ml6W
—–END PGP SIGNATURE—–
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)