[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [FD] APPLE-SA-12-11-2023-1 Safari 17.2
From:       Apple Product Security via Fulldisclosure <fulldisclosure () seclists ! org>
Date:       2023-12-12 0:44:56
Message-ID: 25F90123-CF48-4999-B4AF-0A01CD31AA99 () lists ! apple ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-12-11-2023-1 Safari 17.2

Safari 17.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214039.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Monterey and macOS Ventura
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 259830
CVE-2023-42890: Pwn2car

WebKit
Available for: macOS Monterey and macOS Ventura
Impact: Processing an image may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 263349
CVE-2023-42883: Zoom Offensive Security Team

Additional recognition

WebKit
We would like to acknowledge 椰椰 for their assistance.

Safari 17.2 may be obtained from the Mac App Store.
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmV3qHYACgkQX+5d1TXa
IvrySQ//Vq51iOyJ6MSRrpDiHpGirOlERHrqP6GcnGX1bEiAhoEhni2Tw2LZMrv9
4ZybEPdAwbWwSzF9YquyF/DfMNFGORiFwuHgv6mZZACIjNzYhWPmTCJGDBe3yH63
poIdsPnW/JmZEu38WzPlh81RfCH85vvltk4BWPCfQ0BJkWshVIeONjgb6hI5LJi5
fHtvzB8IZObKb2uyaBiLWcaBJjWyUp1ZxeQ/yWV1r/+2hnVLx8s6pEikQvpN+54f
FgSFOpy2FlzM4JGZDJZUUG3zviM34EKetwm3spRiQCZMmwNZ1aL0fYRh0Sdo3GlV
AYjMYskkmk4jp/9f8Ydk2modG2cgEthCX5xwD6OATVaBJ6UvXitV/3UeRLyYg7ps
DVGcZ9Xfdqu6bNDDoSt+6oU/VTzY85AjJzYeCDKwzpUvnXh3MyrRZm5knu/nkXDY
ocChCMEK2FlqvfTN7YZ8kqXUkXhC2nUPz/pA5VlLJis65OBNnTN6LqQL7FIhvLOq
IO8ghOu2RAe20Q9l9Ys8RKRdIn06QbsC62y3T2hTAh8w79Qx0BgDLxUmuE9CQ6iN
my6BunZQf0FiVSfcwFcmlCwTsC4ivzs8vB4PJ8I9ZdwlIwbF+TrkwWTLb/LP6O19
UsBwoVmtn634XT+7oZ99lYpTtvvRzEvBXXU/fNxVXQq4EUQy2wM=
=e+C8
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic