Apple Security Advisory 2023-05-18-8 - Safari 16.5 addresses buffer overflow, code execution, out of bounds read, and use-after-free vulnerabilities.
760d4b141490199d056c3e2fd5a33bfe2577cd0555f9509afc40faff26728f2e
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2023-05-18-8 Safari 16.5
Safari 16.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213762.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing web content may disclose sensitive information
Description: An out-of-bounds read was addressed with improved input
validation.
WebKit Bugzilla: 255075
CVE-2023-32402: an anonymous researcher
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing web content may disclose sensitive information
Description: A buffer overflow issue was addressed with improved memory
handling.
WebKit Bugzilla: 254781
CVE-2023-32423: Ignacio Sanmillan (@ulexec)
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: A remote attacker may be able to break out of Web Content
sandbox. Apple is aware of a report that this issue may have been
actively exploited.
Description: The issue was addressed with improved bounds checks.
WebKit Bugzilla: 255350
CVE-2023-32409: Clément Lecigne of Google's Threat Analysis Group and
Donncha Ó Cearbhaill of Amnesty International’s Security Lab
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing web content may disclose sensitive information. Apple
is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds read was addressed with improved input
validation.
WebKit Bugzilla: 254930
CVE-2023-28204: an anonymous researcher
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution. Apple is aware of a report that this issue may have been
actively exploited.
Description: A use-after-free issue was addressed with improved memory
management.
WebKit Bugzilla: 254840
CVE-2023-32373: an anonymous researcher
Safari 16.5 may be obtained from the Mac App Store.
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmRmqNMACgkQ4RjMIDke
NxkxXRAAgXiL8dPy/qyErjf8JF5I4iJyJW9zQRmnuH5yMvWq1DJhIFnlfBZ0Mo7U
mqp25eCjjev2MOteuPkMKMfXlPbUS4kZyrdZcmg8J2+h9W0SZGVAbdV6BtCGA34s
0ONdEI8YVejnf5/1UI6ndNxRpC5fHHBaOFI+X7NU9iqEe5WETiW8JUrOmFIGaw2W
fTLWhKcxg/LzBCQckSvhxLb/gToJtlRc6/AIZajYh3jZgTfqCI/NKObLzDkNz9BV
V5GURuvKu5qNM4dYGbMdXaUfR5g2EtECBLktxfTPhOvFvFcaW44ZCdpnXDMdNq7v
z7Z0tL73aO6AvH+EwkEssmENljvBjbr3urqpKXYkMgoXQ71Cl6IV22wPiA1NU7TP
X6ltRt2J3TTWTE1LjoKXivWXaEeM00n7JzoXNn8H5Ch9sA29NlZrMFyLycr9qdXO
P8braWLsUZEG7x5ho74wrjnEcIwI5WOSlXVCMMfX0kQt5Qtm9mw4ifMErAuirESc
yAanfRFrgS2MGGZBKUcmZ2zyq6/HAbW5L4YiFHy80kz+ZlxnLFHC+v2Mtl4oEAk8
9/HwxuDMMxK5my5RuaN3+apVVAvUUmJ/SJtMRFkCNVnCMhNGbn2QhuYjWb5btEW7
v/JYR0l1957TxwvrHpiaEi8vZzz/jrBOjMoDilC2hyvkhuNhQy8=
=mDye
-----END PGP SIGNATURE-----