what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2017-05-15-7

Apple Security Advisory 2017-05-15-7
Posted May 16, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-05-15-7 - Safari 10.1.1 is now available and addresses denial of service, spoofing, code execution, and various other vulnerabilities.

tags | advisory, denial of service, spoof, vulnerability, code execution
systems | apple
advisories | CVE-2017-2495, CVE-2017-2496, CVE-2017-2499, CVE-2017-2500, CVE-2017-2504, CVE-2017-2505, CVE-2017-2506, CVE-2017-2508, CVE-2017-2510, CVE-2017-2511, CVE-2017-2514, CVE-2017-2515, CVE-2017-2521, CVE-2017-2525, CVE-2017-2526, CVE-2017-2528, CVE-2017-2530, CVE-2017-2531, CVE-2017-2536, CVE-2017-2538, CVE-2017-2539, CVE-2017-2544, CVE-2017-2547, CVE-2017-2549, CVE-2017-6980, CVE-2017-6984
SHA-256 | f184953a7037280d7e4e373cfd587685f3e1437bdc9f7b89a0745d9c829ee388

Apple Security Advisory 2017-05-15-7

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-05-15-7 Safari 10.1.1

Safari 10.1.1 is now available and addresses the following:

Safari
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Visiting a maliciously crafted webpage may lead to an
application denial of service
Description: An issue in Safari's history menu was addressed through
improved memory handling.
CVE-2017-2495: Tubasa Iinuma (@llamakko_cafe) of Gehirn Inc.

Safari
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-2500: Zhiyang Zeng and Yuyang Zhou of Tencent Security
Platform Department
CVE-2017-2511: Zhiyang Zeng of Tencent Security Platform Department

WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-2496: Apple
CVE-2017-2505: lokihardt of Google Project Zero
CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with
Trend Microas Zero Day Initiative
CVE-2017-2514: lokihardt of Google Project Zero
CVE-2017-2515: lokihardt of Google Project Zero
CVE-2017-2521: lokihardt of Google Project Zero
CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab (
tencent.com) working with Trend Microas Zero Day Initiative
CVE-2017-2526: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab
(tencent.com) working with Trend Microas Zero Day Initiative
CVE-2017-2530: Wei Yuan of Baidu Security Lab
CVE-2017-2531: lokihardt of Google Project Zero
CVE-2017-2538: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2539: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2544: 360 Security (@mj0011sec) working with Trend Micro's
Zero Day Initiative
CVE-2017-2547: lokihardt of Google Project Zero,
Team Sniper (Keen Lab and PC Mgr) working with Trend Micro's Zero Day
Initiative
CVE-2017-6980: lokihardt of Google Project Zero
CVE-2017-6984: lokihardt of Google Project Zero

WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit Editor
commands. This issue was addressed with improved state management.
CVE-2017-2504: lokihardt of Google Project Zero

WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit
container nodes. This issue was addressed with improved state
management.
CVE-2017-2508: lokihardt of Google Project Zero

WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of pageshow
events. This issue was addressed with improved state management.
CVE-2017-2510: lokihardt of Google Project Zero

WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit cached
frames. This issue was addressed with improved state management.
CVE-2017-2528: lokihardt of Google Project Zero

WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues with addressed through
improved memory handling.
CVE-2017-2536: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative

WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in frame loading. This issue was
addressed with improved state management.
CVE-2017-2549: lokihardt of Google Project Zero

WebKit Web Inspector
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: An application may be able to execute unsigned code
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2499: George Dan (@theninjaprawn)

Installation note:

Safari 10.1.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJZGdmMAAoJEIOj74w0bLRGxi0P/RqhFhUl2dpkTY8fSc/Wpzub
wuddiZwq3N6DDOioJuKYj0SfO0xazfb5IC2a+YOlQ7CwnorOw648O6PFTTLnTGun
fJwP+aIovFdL6h4NuyBRZJvSxXQSCdlV2gBcDCOdc0SmHGHjk87u0bjTvPY4P34z
Jfr0+Q0wNCAVgd/DQbreJFQzHaGieQ6heGRoFB/ag17f9DRyxmhCLxdn1XmKIXWV
/602XgwLnlpVBAFRDmNNSjkF4C2/qoUGyCQR1WrkwoN2L4wQ1mxxNKNBzlSH8AzY
RlV3UdnFJMrdddOkMc7GTgSwMWhyD84YrcpGuxL1ImIiyafZ7DCc3fZWUSgMIhE2
FwCBnga4qlqCzaNeZPpTfbufROHansUBy8FQds1IDm62nm4mw4IJeuortlrBtFLf
Zo/P4ftzTG8gihkcOhg1ew8KW8hi5WeH554zIYVMZA839bfWr7B9ebjw3Run0Uka
M7abLl4l1fvWluB+LHt5m65knnw6biNDs8gw5xkBLwDFU4zc3Z5Q/G/AiL9pe1Yz
wE5MUiECDy3WrVaCptkjXdvJiev+KjrQnHkd0ui56sS9MjrP+f2P1OZCfcqmlibJ
+U6YIErsplfR9FIaaf+ntlEV5f9BBeq0VHfQJfigwVD5bHUFBSr4ZHq9/9NEDoGu
Kh8ARPteimq+z9WoNkT/
=H1Pv
-----END PGP SIGNATURE-----



Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close