Vulmon
<!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="32"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#27">By Date</a>
<a href="33"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="32"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#27">By Thread</a>
<a href="33"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>
</div>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">APPLE-SA-01-22-2024-1 Safari 17.3</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
<em>From</em>: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>
<em>Date</em>: Mon, 22 Jan 2024 17:08:36 -0800
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-01-22-2024-1 Safari 17.3
Safari 17.3 addresses the following issues.
Information about the security content is also available at
<a rel="nofollow" href="https://support.apple.com/kb/HT214056">https://support.apple.com/kb/HT214056</a>.
Apple maintains a Security Updates page at
<a rel="nofollow" href="https://support.apple.com/HT201222">https://support.apple.com/HT201222</a> which lists recent
software updates with security advisories.
Safari
Available for: macOS Monterey and macOS Ventura
Impact: A user's private browsing activity may be visible in Settings
Description: A privacy issue was addressed with improved handling of
user preferences.
CVE-2024-23211: Mark Bowers
WebKit
Available for: macOS Monterey and macOS Ventura
Impact: A maliciously crafted webpage may be able to fingerprint the
user
Description: An access issue was addressed with improved access
restrictions.
WebKit Bugzilla: 262699
CVE-2024-23206: an anonymous researcher
WebKit
Available for: macOS Monterey and macOS Ventura
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 266619
CVE-2024-23213: Wangtaiyu of Zhongfu info
WebKit
Available for: macOS Monterey and macOS Ventura
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution. Apple is aware of a report that this issue may have been
exploited.
Description: A type confusion issue was addressed with improved checks.
WebKit Bugzilla: 267134
CVE-2024-23222
Safari 17.3 may be obtained from the Mac App Store.
All information is also posted on the Apple Security Updates
web site: <a rel="nofollow" href="https://support.apple.com/en-us/HT201222">https://support.apple.com/en-us/HT201222</a>.
This message is signed with Apple's Product Security PGP key,
and details are available at:
<a rel="nofollow" href="https://www.apple.com/support/security/pgp/">https://www.apple.com/support/security/pgp/</a>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmWvDK4ACgkQX+5d1TXa
IvpsdQ/+LRXsqQK9ZIXoBoXhj0w15DUKVrVfQr/jauI3pgxBZcuZeYiM0SyNnROH
SXppIL9KGUaOxDm+RqggN4rVB/PFPBTfZ7NB42odpnyxswVe7ozTir09BaYGnwoo
o+S2I8IN6Nn7ePV5wTXjmftUjNetk6J5iGQ4KboVPTPsNOuw+3r/nohjrYt2ERgq
YFVAsBK0gOQwY1chnNxOqFghWtZCkYKIinYCc89KcYVwZ6WpFaQlqk++E1p1vd1C
l4teK1uJv7thLkpneq9e3alb1qQCfX5XLpHX596uNrs0HXJYESQgwZgHmMqsssJa
LOCTahxE39Oevjy9q5z+UzaIBK2SAULgmaMdnrRLDV8641hDsjVuYyCzVs5jMNOa
+ty80EmEUiwcR/yuzbAmOgmdvuVuowdkGWR9pdhTWM9Co7PMdTRZLUiOsi4qUUPT
HxqJ42o53gNWzJhINTyufVRDd2VTcOH8X+C/uEbwMF/LHO4scNnI/0n1SrRsUCKg
msV7r3VheTGylX3KV/ivZiJq8agjheh/awRDQ1/1Lyd7yGb8tZSdP0iFrCgayB9d
RgrVR7yyXd/SCQsjI2hGRzTMoTQhARsx78dXtf2LFxONZZOFIaYnupzLxHeX58kp
lcN/OmgEb9w0t+/M9Lwn4kdvTZ/rbfF5+1BAI9VTuuAt9N+0fyk=
=jmbL
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives & RSS: <a rel="nofollow" href="https://seclists.org/fulldisclosure/">https://seclists.org/fulldisclosure/</a>
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="32"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#27">By Date</a>
<a href="33"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="32"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#27">By Thread</a>
<a href="33"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><strong>APPLE-SA-01-22-2024-1 Safari 17.3</strong> <em>Apple Product Security via Fulldisclosure (Jan 26)</em>
</li></ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>