—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4

Safari 6.1.4 and Safari 7.0.4 are now available and address the
following:

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-2875 : miaubiz
CVE-2013-2927 : cloudfuzzer
CVE-2014-1323 : banty
CVE-2014-1324 : Google Chrome Security Team
CVE-2014-1326 : Apple
CVE-2014-1327 : Google Chrome Security Team, Apple
CVE-2014-1329 : Google Chrome Security Team
CVE-2014-1330 : Google Chrome Security Team
CVE-2014-1331 : cloudfuzzer
CVE-2014-1333 : Google Chrome Security Team
CVE-2014-1334 : Apple
CVE-2014-1335 : Google Chrome Security Team
CVE-2014-1336 : Apple
CVE-2014-1337 : Apple
CVE-2014-1338 : Google Chrome Security Team
CVE-2014-1339 : Atte Kettunen of OUSPG
CVE-2014-1341 : Google Chrome Security Team
CVE-2014-1342 : Apple
CVE-2014-1343 : Google Chrome Security Team
CVE-2014-1344 : Ian Beer of Google Project Zero
CVE-2014-1731 : an anonymous member of the Blink development
community

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: A malicious site can send messages to a connected frame or
window in a way that might circumvent the receiver’s origin check
Description: An encoding issue existed in the handling of unicode
characters in URLs. A maliciously crafted URL could have led to
sending an incorrect postMessage origin. This issue was addressed
through improved encoding/decoding.
CVE-ID
CVE-2014-1346 : Erling Ellingsen of Facebook

For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4
and Safari 6.1.4 may be obtained from Mac App Store.

For OS X Lion systems Safari 6.1.4 is available via the Apple
Software Update application.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

—–BEGIN PGP SIGNATURE—–
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools – http://gpgtools.org

iQIcBAEBAgAGBQJTe6ELAAoJEBcWfLTuOo7tonoP/igNIR7SZEkRvtHHjHIqR2U5
a28aYgzjkALSYDppREpWPMIovnYKZAONabRMJ0r/3LFyl4juBSOsVyBCbUBg8Fpp
GFCsc7x0jva8g1DtPtk/B299GXPBi8fOhEwUIilgTo0+y7ExrgA9wUjCdlWHwPQs
Edbra42Q+52KU+NxWjyeJiPkBIy57p5P0XVnnS3tIxRLHxRed9O8GoNUHcwLhihd
dV5NOBEUvW5Gy2yEhJLZIa64aPOPG3Rz7EA/0zCRiiusLyIGVdyTaOnL4AlHrgh8
BiiAgx3xFUqYiBqCnxAO3gy3CRWhmKukesDKIPmaV27E0cFQ+FkI990oCh8ZSCZg
hi4q5j34mp44Uhr0O068hQyPaA70GAiUVgT/pB7fVS9Z9U0EOPhIvn1IybROP/44
ces9VWOzx9pjzR7OxRmk05mRijnlIQHNzSJp3/DpREDX1DvJxD2vfk8cYFPdweNR
VPFs3acbgOMCpjPLGM3S5HdY/a2UWxolvwR13AnCQ0mFkiD6FsO3z2sgtHdnMkNi
XNW7RMf/7+JesXcNiXYde5iDqE15OPTSWuiYNUHCz9WvSlJmOOSDAZ7F3YBWr+FR
tMEB/TGWZiQmacNiGkY1F4YgF5SqeAHGYeJ2amSycO90+vTU+FLWPCiTWesmu1tG
n/lA21kfHgTURqYVT+xA
=kSr/
—–END PGP SIGNATURE—–

—–BEGIN PGP SIGNATURE—–
Comment: GPGTools – http://gpgtools.org

iQIcBAEBAgAGBQJTfRERAAoJEBcWfLTuOo7tJAQP/0Zgna5NTnqMGSvJqhH4ylh3
sbctnLPTsH2iJoQ04RBdUwtW3XdXDlg1kX8FlPOOQw+6DC77y12241d0DYgTJ3ty
l3W+iYmBvS51t1fJ7GH+ErOueELEXkEqDYeEh8dxBMhUVvl8bpsMt450W3fRrrqF
mq8T30U5178XQzlBo2eu2vZTRl7r3E7KLuDPCh4vCMf1F/y+/qSsC9aaXTwFObjp
/6rKzW9IBSOtsvUKTXbZbCcdL25IDBZCjslRlBWncu9cGnena9Evs7ujHfGwxW2I
d2G/NCk7a/S2b/CvAssnMoVaNQzyIjFB6aZ+Ig3TXSMyCiDEoIiP3S1Fae1ECv3O
smeDE4BqCugnrvd3z6puHy9OZargkz+JQie/C4xHppVd2/6FoJbgVHjeWkRpEKDK
H5u81lEs52Rdasp1AkbKB9MUkI+1FTXazRTNxRzuwVFDUysFog5ytELqeIt6DRLT
RJOwdGg2hbb8B/2icNZ+prTkIZPjTo809gQr5/Usi4i69Pw5xzJJRaKAK5R3B47D
NqtxRL2IO8TT+e6z4QaP0TGmaXnkoOxSFosAUMI9ZD+H9sAQZFEvkTK+Tf/0jKqj
qHlTNYHY3xMlItc6IRH7AiCTyADd7h/ard1z40hSlrY/cp7F+vdxEGaPuhT73bqw
z6icaMZB1bPSU8Y+MiCo
=Os6J
—–END PGP SIGNATURE—–
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)