exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2020-07-15-5

Apple Security Advisory 2020-07-15-5
Posted Jul 17, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-07-15-5 - Safari 13.1.2 is now available and addresses bypass, code execution, cross site scripting, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution, xss
systems | apple
advisories | CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9903, CVE-2020-9910, CVE-2020-9911, CVE-2020-9912, CVE-2020-9915, CVE-2020-9916, CVE-2020-9925
SHA-256 | 1b421a85bd25a29d1a8ef8a33834c09f9a1e2d31199a42034e2f2c283033a74a

Apple Security Advisory 2020-07-15-5

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2020-07-15-5 Safari 13.1.2

Safari 13.1.2 is now available and addresses the following:

Safari Downloads
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: A malicious attacker may be able to change the origin of a
frame for a download in Safari Reader mode
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9912: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)

Safari Login AutoFill
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: A malicious attacker may cause Safari to suggest a password
for the wrong domain
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9903: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)

Safari Reader
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: An issue in Safari Reader mode may allow a remote attacker to
bypass the Same Origin Policy
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9911: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may prevent
Content Security Policy from being enforced
Description: An access issue existed in Content Security Policy.
This issue was addressed with improved access restrictions.
CVE-2020-9915: an anonymous researcher

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2020-9925: an anonymous researcher

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative
CVE-2020-9895: Wen Xu of SSLab, Georgia Tech

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: Multiple issues were addressed with improved logic.
CVE-2020-9910: Samuel Groß of Google Project Zero

WebKit Page Loading
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: A malicious attacker may be able to conceal the destination
of a URL
Description: A URL Unicode encoding issue was addressed with improved
state management.
CVE-2020-9916: Rakesh Mane (@RakeshMane10)

WebKit Web Inspector
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Copying a URL from Web Inspector may lead to command
injection
Description: A command injection issue existed in Web Inspector. This
issue was addressed with improved escaping.
CVE-2020-9862: Ophir Lojkine (@lovasoa)

Installation note:

Safari 13.1.2 may be obtained from the Mac App Store.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl8PNx4ACgkQBz4uGe3y
0M2+ZQ/7ByKUtmzMw18WfXzQZlxvfEulMz/QgCiHe1VvmHh1OuMspM9Et3AIVnZP
wU1IfSeOKp9y62L8pPAU1mg/BnqXx2vNsoDrZq7dcPYIDTrfGsZQRrYy66E2VA9P
TQyIeY8ZWXG8jKJ4kBczu/hmy+q+0HVNlZcU4Q4PsjkE0p53DzSSuPgBbqN5fXlr
fbZthRYEa1jXfI/om7NLYAu9rLw/2ngXZjI1PR3m4iRbNBG4gqXXQ7Sl5xVz4oDv
Nb6PbR8LTQCdmLaq8gXfc4koEnCsFK1k1194nXgYg88hlbT/zqO55Fiofw9y70aK
NC0JJFznC3DT5wgZHE9j5/g1USrC34OTZNenipud4VWFm2gTamgGe7c0Bji3NLeG
buHa13M7Z2PpGmB/fszdipj8iLvm3uRZjVJtHDOxmuztriTFwpytk2TwlzayW+/v
l4knuEohMnHQljRsQgLC9jzs2/udAXWxW7lv7FNGlfnxHJVY+cC9vNl7PPeGNaed
4khxlLZUn2Bc5gog8GZv0ryuWLvmlo4XVkZSnrsOXHlP0oseSJntz9/GxcAgCRww
PoFu8DOc9f6orbNsQEF3ZbCyXVG/EwSKOmQPtP1ihv+yjamDGw8yNd61/qqDvwIT
db5tmKrslK49r8jkup7RuiKpgRgXI29dws+qwIV4808FNZQaYzU=
=hpCf
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close