Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

APPLE-SA-2020-1-28-5 Safari 13.0.5

Related Vulnerabilities: CVE-2020-3833   CVE-2020-3841  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="43"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#44">By Date</a>
<a href="45"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="43"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#44">By Thread</a>
<a href="45"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>

</div>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">APPLE-SA-2020-1-28-5 Safari 13.0.5</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: Apple Product Security via Fulldisclosure &lt;fulldisclosure () seclists org&gt;


<em>Date</em>: Tue, 28 Jan 2020 14:36:51 -0800


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2020-1-28-5 Safari 13.0.5

Safari 13.0.5 is now available and addresses the following:

Safari
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2020-3833: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)

Safari Login AutoFill
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: A local user may unknowingly send a password unencrypted over
the network
Description: The issue was addressed with improved UI handling.
CVE-2020-3841: Sebastian Bicchi (@secresDoge) from Sec-Research

Installation note:

Safari 13.0.5 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: <a rel="nofollow" href="https://support.apple.com/kb/HT201222">https://support.apple.com/kb/HT201222</a>

This message is signed with Apple's Product Security PGP key,
and details are available at:
<a rel="nofollow" href="https://www.apple.com/support/security/pgp/">https://www.apple.com/support/security/pgp/</a>
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl4whoIACgkQBz4uGe3y
0M2ULA//fbYU/AYMEqzVZp/rYswUq6jqLzZoF42t6fiSUsAx4SeXvY/6r7Zod3PU
WSZ8wE2x8DKTOA0bZO1NTqTaCJbAuwcaOwlpBUmvMUdGgO19jtqiYVx9vFvRx/xW
dgDPEzCTFFw/23L6uTcKyQT2MCuJvotDYjuRUmOZ5Aq8udlq2SJPS4IeW8hZIFVX
Q63ooRgGT3HxdsCjcsYIoJhpcdqOu6VbzoyxnK6SAr4VoxiJAIvzmE12IWTYyIjf
x784W4w6/jM0NqG4DNQdymFnaiHMGb4BA+UFDWLAY06Ij8So9oEG+VfpyNBF0OgW
wTk7XBlpoMFVXjii4hPoJUHeKuyacU0+9V59i/Nbq7xS0FuyEfVtqdYpnevMdxDO
v4kEzelHRsT316gxsp8PFleB57ImVQAFy3xA5eNciZRsI03RwLNmUI7PItwaRe9b
opYwsdt5Eoo69R2RhM/3OpV0tRToQ6eHMjT9HY4qyOkieMNt2G3JhT8N7aTm+l2P
K7oZkuvm3nY6rEPEmDrao+diz/N8Z7pCAX+AH0tAOMQzQKj4i20hSqmToGYSFBLO
BS9i9+nwqqT/Iggiq0cTeNf8h3MhuoI0CZL9QKpnWxoPYKJCQXvfAQoIjOZ9u3p7
O5FoMzuilQ2UGqcxwDm0iBUDq6ZkKo+cUsNW3+siHcD2yr++N60=
=zlOg
-----END PGP SIGNATURE-----


_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives &amp; RSS: <a rel="nofollow" href="http://seclists.org/fulldisclosure/">http://seclists.org/fulldisclosure/</a>

</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="43"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#44">By Date</a>
<a href="45"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="43"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#44">By Thread</a>
<a href="45"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><strong>APPLE-SA-2020-1-28-5 Safari 13.0.5</strong> <em>Apple Product Security via Fulldisclosure (Jan 31)</em>
</li></ul>


<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started