—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

APPLE-SA-2014-06-30-1 Safari 6.1.5 and Safari 7.0.5

Safari 6.1.5 and Safari 7.0.5 are now available and address the
following:

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2014-1325 : Apple
CVE-2014-1340 : Apple
CVE-2014-1362 : Apple, miaubiz
CVE-2014-1363 : Apple
CVE-2014-1364 : Apple
CVE-2014-1365 : Apple, Google Chrome Security Team
CVE-2014-1366 : Apple
CVE-2014-1367 : Apple
CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)
CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung
Electronics

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: Dragging a URL from a maliciously crafted website to another
window could lead to the disclosure of local file content
Description: Dragging a URL from a maliciously crafted website to
another window could have allowed the malicious site to access a
file:// URL. This issue was addressed through improved validation of
dragged resources.
CVE-ID
CVE-2014-1369 : Aaron Sigel of vtty.com

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: A maliciously crafted website may be able to spoof its
domain name in the address bar
Description: A spoofing issue existed in the handling of URLs. This
issue was addressed through improved encoding of URLs.
CVE-ID
CVE-2014-1345 : Erling Ellingsen of Facebook

For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.5
and Safari 6.1.5 may be obtained from Mac App Store.

For OS X Lion systems Safari 6.1.5 is available via the Apple
Software Update application.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

—–BEGIN PGP SIGNATURE—–
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools – http://gpgtools.org

iQIcBAEBAgAGBQJTsaPHAAoJEBcWfLTuOo7taK8P/0tThtNLog6ssE+iBRlBRtlu
pdjDkqF5N5b71I00+DWhpxasEmsrmc7j5XXzbqaH/I3eWx9rRSHYTxon3gXHv8xY
K4N1eUb/taHUaSJDH9mfzTvmxZf8x1EGsBQDmDpotXVtwW5h3uYxYsjAoG6g/MZO
i74ggPKp3XnjSa/DPEJIXXZTTZrYDCBnDOE1By/vOVBshUy6/M8pWNd56gjYrYm9
VqJjeR9ZRc7RTkmbpJGOphjJ9/N/5oLinDV9cpObPktFhrG/RO90gGLorvtqG4NJ
i9iOw2XHnX59TvmELjWHDJKD4NbGDSSl9eOW1iHQfLb5rt6yr7eNPfQDJMqYQKYh
oViKYvhyRlOM5W56Xs6d39IJuHy43UkjPHU6frh5hrR+08WaVYfwNEhGf7iUzkPG
Ln6quTg8hvQivHsmBnQ1fgYwcCc09QkAI9BtiLJqW+9Nk4KxKDB6ZBUFvp1z/ELZ
SHRyb52FAo0yukNDjYqdp9l7QjhCzYpHdwZZGpgVmnroQPdBa+sJqBGiNRQd6Qun
1K5Rn3CaPAIft21L5aCju0uIouo8g56SBo9+bXCdDPpMmV3CSCRtU/aWfHWOE9D7
/MN0FCa6EQXKz15zBRMCmHY6QWAexM//gdrnLBx8ndLS1y59+hL/fz7PJ1pGtJa9
9Q6eqCFTMNIRoGCOsp8M
=Hhsf
—–END PGP SIGNATURE—–

—–BEGIN PGP SIGNATURE—–
Comment: GPGTools – http://gpgtools.org

iQIcBAEBAgAGBQJTsadDAAoJEBcWfLTuOo7t1mMQAKSKhGYdWKEGNcuvcDwzpxip
A1YzKFqZDoC83af5cJFLJkkH2hGj1ohdfVC1MI75MdybyWxwZkVZSLnI59Z/2n/5
RvEwLexmxLRV6VE88L95bQNDkE+ENdRGdcxQpmKI+RSHRFGBj2FblGmf6sVY5Rdo
oLoY86o/Px+sBMfxBQ+DFCbvSMgVUj2Ohqj4CrbMGMiXrccKKtNd3dvNe93uUTwO
BcoHIHCg3KzzDbwudy+1HLRS3/es2Grcw0CQyX/kJfRALGRk8FCRMJ2y/LnzfNIG
eHR4mBv/uVc5JVdZplOYh9gaqmi8Zqlgl+bx7dQbA5NQbVoXTTqbsoeM5Z44IHwM
brXGmax3ny/zN+KOA9bsLxRVgIcNZEgrJCCruI9Ryw4nLNn513MJ6sTstt1DoH4P
xMUEijEmFZvVaXicfu9we8leqA/IH0Mp2u+QUHoYgI41bBVDvvaEWEJNO71VGSU0
g4yWuuqEu+CD0j05a8zjEjPtgLc9ha0h1agaWl85Zm90/vAHi6hOFf2Djb2v15gJ
SWBu3IX9PQofz0fmJWz7dFpJSugl8+WlnH0fWYb7v9bkJJvrjjxBSecobZw2mNPh
GGNhxuULeaXb1ViFIssBoZMgn56bshRsYUJ4z+O8vCwTNK7o+BSL5H9LzgAf1DW0
CuBnZcwiR1faU350Btle
=Hba0
—–END PGP SIGNATURE—–
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)