Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

APPLE-SA-2018-10-30-3 Safari 12.0.1

Related Vulnerabilities: CVE-2018-4374   CVE-2018-4377   CVE-2018-4372   CVE-2018-4373   CVE-2018-4375   CVE-2018-4376   CVE-2018-4382   CVE-2018-4386   CVE-2018-4392   CVE-2018-4416   CVE-2018-4409   CVE-2018-4378  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="7"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#8">By Date</a>
<a href="9"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="7"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#8">By Thread</a>
<a href="9"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>

</div>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">APPLE-SA-2018-10-30-3 Safari 12.0.1</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: Apple Product Security &lt;product-security-noreply () lists apple com&gt;


<em>Date</em>: Tue, 30 Oct 2018 11:58:18 -0700


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2018-10-30-3 Safari 12.0.1

Safari 12.0.1 is now available and addresses the following:

Safari Reader
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
macOS Mojave 10.14
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2018-4374: Ryan Pickren (ryanpickren.com)

Safari Reader
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
macOS Mojave 10.14
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: A cross-site scripting issue existed in Safari. This
issue was addressed with improved URL validation.
CVE-2018-4377: Ryan Pickren (ryanpickren.com)

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
macOS Mojave 10.14
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST
Softsec Lab, Korea
CVE-2018-4373: ngg, alippai, DirtYiCE, KT of Tresorit working with
Trend Micro's Zero Day Initiative
CVE-2018-4375: Yu Haiwan and Wu Hongjun From Nanyang Technological
University working with Trend Micro's Zero Day Initiative
CVE-2018-4376: 010 working with Trend Micro's Zero Day Initiative
CVE-2018-4382: lokihardt of Google Project Zero
CVE-2018-4386: lokihardt of Google Project Zero
CVE-2018-4392: zhunki of 360 ESG Codesafe Team
CVE-2018-4416: lokihardt of Google Project Zero

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
macOS Mojave 10.14
Impact: A malicious website may be able to cause a denial of service
Description: A resource exhaustion issue was addressed with improved
input validation.
CVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
macOS Mojave 10.14
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4378: an anonymous researcher, zhunki of 360 ESG Codesafe
Team

Installation note:

Safari 12.0.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: <a rel="nofollow" href="https://support.apple.com/kb/HT201222">https://support.apple.com/kb/HT201222</a>

This message is signed with Apple's Product Security PGP key,
and details are available at:
<a rel="nofollow" href="https://www.apple.com/support/security/pgp/">https://www.apple.com/support/security/pgp/</a>
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FPTg//
STcxE6luaSi4t7Jt9knpNxqjFFb4LiAz5dNKD/v9opE3Fq+hiAgOq89qMYEwU3Uf
LehaD3FZvp9dw8TlMNuhg/9SzORBmDBSbncuX6D9jerd8SSTF4Sk8sBrvpipTzU9
wrhqDYdp3wJcYKr1hPnohOYpxqBudeucBgLioaa4VLI9RhzUyUFoHB60BdE4GEot
1WoY5qh0lH4wM3MOQglNoBcJiiDGDQhcJb0BPzqksLI08PB8x+b5/TnWOKmGB/8S
Nv5WGjBEOoPlPUhx8zyhsLK5RViuV+TFcp8yunNDGMSc+3gS50NyXl75hJXESlQB
jlQjf3oGctawMxRiFbcSq/RCv2forYi5nfYkMJvSKMM6CYADzWbMilVeYQkm4yya
WtIakNjr9eXBG2V0sAvJS/Lw5o/9/FyfqjLTkBjkJ+oP+7Kh8RMd3h6Q3Qe+SesD
B2K8AuAeHO6IgxiZmQ9gSqx9B/lSgKQ8+X5FXcR3uL+lddsxrFlWqX874barsL8t
DyBbBM7OwrSCDDKAJx+xhN90t5jZsl2FdNt7u/uQA8Fu9dGFi3gsgCCIbZKjA8zY
DTZqtlEfiJTzJidjaPV5hQTQEOSoJAMGuP8J1VGvUlv67ZPYKa6lyBIfGzMmGPJQ
Jis9Ypyo0sQ0V9ukQsCvkRFnqUGHWZguQSWo59KCr7M=
=mE6M
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives &amp; RSS: <a rel="nofollow" href="http://seclists.org/fulldisclosure/">http://seclists.org/fulldisclosure/</a>

</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="7"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#8">By Date</a>
<a href="9"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="7"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#8">By Thread</a>
<a href="9"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><strong>APPLE-SA-2018-10-30-3 Safari 12.0.1</strong> <em>Apple Product Security (Nov 02)</em>
</li></ul>


<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started