APPLE-SA-2014-06-30-1 Safari 6.1.5 and Safari 7.0.5

2014-08-04T00:00:00
ID SECURITYVULNS:DOC:30967
Type securityvulns
Reporter Securityvulns
Modified 2014-08-04T00:00:00

Description

APPLE-SA-2014-06-30-1 Safari 6.1.5 and Safari 7.0.5

Safari 6.1.5 and Safari 7.0.5 are now available and address the following:

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
CVE-ID
CVE-2014-1325 : Apple
CVE-2014-1340 : Apple
CVE-2014-1362 : Apple, miaubiz
CVE-2014-1363 : Apple
CVE-2014-1364 : Apple
CVE-2014-1365 : Apple, Google Chrome Security Team
CVE-2014-1366 : Apple
CVE-2014-1367 : Apple
CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)
CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: Dragging a URL from a maliciously crafted website to another window could lead to the disclosure of local file content
Description: Dragging a URL from a maliciously crafted website to another window could have allowed the malicious site to access a file:// URL. This issue was addressed through improved validation of dragged resources.
CVE-ID
CVE-2014-1369 : Aaron Sigel of vtty.com

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impact: A maliciously crafted website may be able to spoof its domain name in the address bar
Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs.
CVE-ID
CVE-2014-1345 : Erling Ellingsen of Facebook

For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.5 and Safari 6.1.5 may be obtained from Mac App Store.

For OS X Lion systems Safari 6.1.5 is available via the Apple Software Update application.

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
