APPLE-SA-2019-3-25-4 Safari 12.1

Safari 12.1 is now available and addresses the following:

Safari Reader
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-6204: Ryan Pickren (ryanpickren.com)
CVE-2019-8505: Ryan Pickren (ryanpickren.com)

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-8506: Samuel Groß of Google Project Zero

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-6201: dwfault working with ADLab of Venustech
CVE-2019-8518: Samuel Groß of Google Project Zero
CVE-2019-8523: Apple
CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8558: Samuel Groß of Google Project Zero
CVE-2019-8559: Apple
CVE-2019-8563: Apple

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A cross-origin issue existed with the fetch API. This
was addressed with improved input validation.
CVE-2019-8515: James Lee (@Windowsrcer)

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8536: Apple
CVE-2019-8544: an anonymous researcher

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-7285: dwfault working at ADLab of Venustech
CVE-2019-8556: Apple

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A logic issue was addressed with improved validation.
CVE-2019-8503: Linus Särud of Detectify

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A validation issue was addressed with improved logic.
CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-8562: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of
Chaitin Security Research Lab

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-8551: Ryan Pickren (ryanpickren.com)

Additional recognition

Safari
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.

WebKit
We would like to acknowledge Andrey Kovalev of Yandex Security Team
for their assistance.

Installation note:

Safari 12.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

APPLE-SA-2019-3-25-4 Safari 12.1的更多相关文章

  1. [2019.03.25]Linux中的查找

    TMUX天下第一 全世界所有用CLI Linux的人都应该用TMUX,我爱它! ======================== 以下是正文 ======================== Linu ...

  2. Alpha冲刺(2/10)——2019.4.25

    所属课程 软件工程1916|W(福州大学) 作业要求 Alpha冲刺(2/10)--2019.4.25 团队名称 待就业六人组 1.团队信息 团队名称:待就业六人组 团队描述:同舟共济扬帆起,乘风破浪 ...

  3. Beta冲刺(4/7)——2019.5.25

    所属课程 软件工程1916|W(福州大学) 作业要求 Beta冲刺(4/7)--2019.5.25 团队名称 待就业六人组 1.团队信息 团队名称:待就业六人组 团队描述:同舟共济扬帆起,乘风破浪万里 ...

  4. [MP3]MP3固件持续分享(2019.1.25)

    转载自我的博客:https://blog.ljyngup.com/archives/179.html/ 所有的固件到我的博客就可以下载哦 最后更新于2019.2.1 前言 这篇文章会持续更新不同型号的 ...

  5. IntelliJ IDEA 2018.3.3配置 Tomcat 9,控制台出现中文乱码 “淇℃伅”(2019/01/25)

    (win10系统) 全新idea配置全新版本Tomcat突遇 “淇℃伅”,网上大部分解决方案均已失效 似乎是idea与Tomcat命令行输出格式不一致所致,千辛万苦在某一小角落发现这个方法,一针见血, ...

  6. Selenium对浏览器支持的版本【2019/10/25更新】

    最新的selenium与几种常用浏览器的版本兼容情况:(以下驱动,点击直接跳转官方下载地址) 尽量选择最新版本-1的浏览器,比如最新的是60,那就使用59.(建议Chrome更新至72+版本.Fire ...

  7. 2019.03.25 bzoj4572: [Scoi2016]围棋(轮廓线dp)

    传送门 题解可以参见zjjzjjzjj神仙的,写的很清楚. 代码: #include<bits/stdc++.h> #define ri register int using namesp ...

  8. 2019.03.25 bzoj2329: [HNOI2011]括号修复(fhq_treap)

    传送门 题意简述: 给一个括号序列,要求支持: 区间覆盖 区间取负 区间翻转 查询把一个区间改成合法括号序列最少改几位 思路: 先考虑静态的时候如何维护答案. 显然把所有合法的都删掉之后序列长这样: ...

  9. 2019.4.25 表格表单与HTML5 && CSS3

    目录 表格 标签 属性 表格间距离 表格的内边距 表格的边框 样式 边框合并 行合并 列合并 display 表单 标签 属性 提交的网址 请求方式 input相关 扩大响应范围 字符 密码 单选框 ...

随机推荐

  1. SQL 数据类型

    Microsoft Access.MySQL 以及 SQL Server 所使用的数据类型和范围. Microsoft Access 数据类型 数据类型 描述 存储 Text 用于文本或文本与数字的组 ...

  2. 12-tinyMCE文本编辑器+图片上传预览+页面倒计时自动跳转

    文本编辑器插件:1.将tinymce文件夹全部复制到webContent下2.tinymce/js目录下放 jquery等三个js文件3.语言包:tinymce/js/tinymce/langs目录下 ...

  3. JDK内置工具使用(jps、jstack、jmap、jstat)

    一.JPS 1.jps -lvm:用于查看当前机器上已装载的jvm 二.jstackjstack命令主要用来查看Java线程的调用堆栈的,可以用来分析线程问题(如死锁) 1.jstack -l pid ...

  4. 基于SpringMVC拦截器和注解实现controller中访问权限控制

    SpringMVC的拦截器HandlerInterceptorAdapter对应提供了三个preHandle,postHandle,afterCompletion方法. preHandle在业务处理器 ...

  5. mac 版 Pycharm 激活

    mac 版 Pycharm 激活   获取注册码地址: http://idea.lanyus.com 输入注册码之后可能会报 this license XXXXXXXX has been cancel ...

  6. 装饰器模式以及Laravel框架下的中间件应用

    Laravel框架的中间件使用:从请求进来到响应返回,经过中间件的层层包装,这种场景很适合用到一种设计模式---装饰器模式. 装饰器模式的作用,多种外界因素改变对象的行为.使用继承的方式改变行为不太被 ...

  7. TestNG安装及使用

    安装:https://www.cnblogs.com/xusweeter/p/6559196.html使用:https://www.cnblogs.com/liwu/p/5113936.html 作用 ...

  8. linkedin 第三方网站登录(JavaScript SDK)

    官网:https://developer.linkedin.com/docs/oauth2 一.配置LinkedIn应用程序 a.创建一个应用  |  https://www.linkedin.com ...

  9. AOP从静态代理到动态代理 Emit实现

    [前言] AOP为Aspect Oriented Programming的缩写,意思是面向切面编程的技术. 何为切面? 一个和业务没有任何耦合相关的代码段,诸如:调用日志,发送邮件,甚至路由分发.一切 ...

  10. Python进阶4---Python的文件IO

     文件操作 体存储单元,包括随机存储器(RAM),只读存储器(ROM),以及高速缓存(CACHE).只不过因为RAM是其中最重要的存储器. 通常所说的内存即指电脑系统中的RAM.RAM要求每时每刻都不 ...