6 matches found
CVE-2020-9801
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.1. A malicious process may cause Safari to launch an application...
CVE-2020-9801
creationtimestamp| type| source ---|---|--- 2020-10-01 14:59:34+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/browser/safariinoperatorsideeffect.rb 2025-02-06 03:13:44+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:10:32+00:00|...
Safari Type Confusion / Sandbox Escape Exploit
This Metasploit module exploits an incorrect side-effect modeling of the 'in' operator. The DFG compiler assumes that the 'in' operator is side-effect free, however the embed element with the PDF plugin provides a callback that can trigger side-effects leading to type confusion CVE-2020-9850. The...
CVE-2020-9801
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.1. A malicious process may cause Safari to launch an application...
CVE-2020-9801
CVE-2020-9801 (Safari) describes a logic issue in Safari fixed in Safari 13.1.1. A malicious process could cause Safari to launch an application. Affected component is Safari’s WebKit on macOS (local attack vector with low/moderate impact per CVSS). The public records consistently state the fix i...
About the security content of Safari 13.1.1 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...