APPLE-SA-2019-3-25-4 Safari 12.1

Safari 12.1 is now available and addresses the following:

Safari Reader
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-6204: Ryan Pickren (ryanpickren.com)
CVE-2019-8505: Ryan Pickren (ryanpickren.com)

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-8506: Samuel Groß of Google Project Zero

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-6201: dwfault working with ADLab of Venustech
CVE-2019-8518: Samuel Groß of Google Project Zero
CVE-2019-8523: Apple
CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8558: Samuel Groß of Google Project Zero
CVE-2019-8559: Apple
CVE-2019-8563: Apple

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A cross-origin issue existed with the fetch API. This
was addressed with improved input validation.
CVE-2019-8515: James Lee (@Windowsrcer)

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8536: Apple
CVE-2019-8544: an anonymous researcher

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-7285: dwfault working at ADLab of Venustech
CVE-2019-8556: Apple

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: A malicious website may be able to execute scripts in the
context of another website
Description: A logic issue was addressed with improved validation.
CVE-2019-8503: Linus Särud of Detectify

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A validation issue was addressed with improved logic.
CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-8562: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of
Chaitin Security Research Lab

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-8551: Ryan Pickren (ryanpickren.com)

Additional recognition

Safari
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.

WebKit
We would like to acknowledge Andrey Kovalev of Yandex Security Team
for their assistance.

Installation note:

Safari 12.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

APPLE-SA-2019-3-25-4 Safari 12.1的更多相关文章

  1. [2019.03.25]Linux中的查找

    TMUX天下第一 全世界所有用CLI Linux的人都应该用TMUX,我爱它! ======================== 以下是正文 ======================== Linu ...

  2. Alpha冲刺(2/10)——2019.4.25

    所属课程 软件工程1916|W(福州大学) 作业要求 Alpha冲刺(2/10)--2019.4.25 团队名称 待就业六人组 1.团队信息 团队名称:待就业六人组 团队描述:同舟共济扬帆起,乘风破浪 ...

  3. Beta冲刺(4/7)——2019.5.25

    所属课程 软件工程1916|W(福州大学) 作业要求 Beta冲刺(4/7)--2019.5.25 团队名称 待就业六人组 1.团队信息 团队名称:待就业六人组 团队描述:同舟共济扬帆起,乘风破浪万里 ...

  4. [MP3]MP3固件持续分享(2019.1.25)

    转载自我的博客:https://blog.ljyngup.com/archives/179.html/ 所有的固件到我的博客就可以下载哦 最后更新于2019.2.1 前言 这篇文章会持续更新不同型号的 ...

  5. IntelliJ IDEA 2018.3.3配置 Tomcat 9,控制台出现中文乱码 “淇℃伅”(2019/01/25)

    (win10系统) 全新idea配置全新版本Tomcat突遇 “淇℃伅”,网上大部分解决方案均已失效 似乎是idea与Tomcat命令行输出格式不一致所致,千辛万苦在某一小角落发现这个方法,一针见血, ...

  6. Selenium对浏览器支持的版本【2019/10/25更新】

    最新的selenium与几种常用浏览器的版本兼容情况:(以下驱动,点击直接跳转官方下载地址) 尽量选择最新版本-1的浏览器,比如最新的是60,那就使用59.(建议Chrome更新至72+版本.Fire ...

  7. 2019.03.25 bzoj4572: [Scoi2016]围棋(轮廓线dp)

    传送门 题解可以参见zjjzjjzjj神仙的,写的很清楚. 代码: #include<bits/stdc++.h> #define ri register int using namesp ...

  8. 2019.03.25 bzoj2329: [HNOI2011]括号修复(fhq_treap)

    传送门 题意简述: 给一个括号序列,要求支持: 区间覆盖 区间取负 区间翻转 查询把一个区间改成合法括号序列最少改几位 思路: 先考虑静态的时候如何维护答案. 显然把所有合法的都删掉之后序列长这样: ...

  9. 2019.4.25 表格表单与HTML5 && CSS3

    目录 表格 标签 属性 表格间距离 表格的内边距 表格的边框 样式 边框合并 行合并 列合并 display 表单 标签 属性 提交的网址 请求方式 input相关 扩大响应范围 字符 密码 单选框 ...

随机推荐

  1. mybatis 错误

    org.mybatis.spring.MyBatisSystemException: nested exception is org.apache.ibatis.exceptions.TooManyR ...

  2. 故障公告:docker swarm集群“群龙无首”造成部分站点无法访问

    今天傍晚 17:38-18:18 左右,由于 docker swarm 集群出现 "The swarm does not have a leader" 问题,造成博问.闪存.园子. ...

  3. 基于 HTML5 的 WebGL 和 VR 技术的 3D 机房数据中心可视化

    前言 在 3D 机房数据中心可视化应用中,随着视频监控联网系统的不断普及和发展, 网络摄像机更多的应用于监控系统中,尤其是高清时代的来临,更加快了网络摄像机的发展和应用. 在监控摄像机数量的不断庞大的 ...

  4. Kubernetes的本质

    在前面的四篇文章中,我以 Docker 项目为例,一步步剖析了 Linux 容器的具体实现方式.通过这 些讲解你应该能够明白:一个“容器”,实际上是一个由 Linux Namespace.Linux ...

  5. Linux(Ubuntu)使用日记(七)------终端控制器Terminator安装使用

    1.目的 实现分屏效果,如图: 如果使用系统自带的终端,可能会使这种效果: 综上所述,知道我们为什么要安装Terminator了吧. 2.安装过程 Terminator 的安装非常方便,在 Ubunt ...

  6. 三、数据API-3

    预备 返回格式需要包括: // Code 状态码(200,400等) // Msg 提示信息(邮箱格式不正确:数据返回成功等) // Result 返回数据 一.WebAPI与传统MVC的区别是 MV ...

  7. 使用chrome开发者工具中的network面板测量网站网络性能

    前面的话 Chrome 开发者工具是一套内置于Google Chrome中的Web开发和调试工具,可用来对网站进行迭代.调试和分析.使用 Network 面板测量网站网络性能.本文将详细介绍chrom ...

  8. Vim简明学习

    前面的话 在linux云服务器上的编辑器默认是vim,类似于windows系统中的记事本,页面简洁,但入门不易.本文将介绍Vim的基础使用 操作模式 vim编辑器有三种模式: 1.命令模式(等待用户输 ...

  9. Apache Beam实战指南 | 手把手教你玩转大数据存储HdfsIO

    https://mp.weixin.qq.com/s?__biz=MzU1NDA4NjU2MA==&mid=2247494843&idx=2&sn=0dd20caec76e25 ...

  10. uImage

    linux内核经过编译后会生成一个ELF格式的可执行程序,叫vmlinux或vmlinuz,是原始的未经任何处理加工的原版内核ELF文件:嵌入式系统烧录的一般不是这个vmlinuz/vmlinux,而 ...