You are here
Home > Preporuke > Nadogradnja za Safari

Nadogradnja za Safari

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

APPLE-SA-2014-12-3-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1

Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 is now available and
addresses the following:

WebKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10.1
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-4465 : Rennie deGraaf of iSEC Partners

WebKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10.1
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-1748 : Jordan Milne

WebKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10.1
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2014-4452
CVE-2014-4459
CVE-2014-4466 : Apple
CVE-2014-4468 : Apple
CVE-2014-4469 : Apple
CVE-2014-4470 : Apple
CVE-2014-4471 : Apple
CVE-2014-4472 : Apple
CVE-2014-4473 : Apple
CVE-2014-4474 : Apple
CVE-2014-4475 : Apple

Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
—–BEGIN PGP SIGNATURE—–
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools – https://gpgtools.org

iQIcBAEBCgAGBQJUfjjSAAoJEBcWfLTuOo7t1PsP/j0H8iRJiPtYVwRly6mxyDrv
4Ji7sopCSNa96qcqn9jILbFTkthqaXE/vew2UdJgO5CSXqxcF50I9bUkPJyJBq4j
qGEu8a54pMteNSCtox1mwzZu8tcOArc//oQhMPhqSRkEvjVv2bsJdQ9bmc1QqHhP
HkJBN/HO8w5RvZ6o5PiitnOOwVOu2sEX80mI7eYKmRjl7AWMzVE6sER1boL+EyCW
4F5s9610J7KjpWh2QewhhefYPootah9JCKoybTrrba+hBESYtHuRwTTkay7cgMkd
J+a4xdjngl/ySFqOH7IhnnUD8Cs5UelHk7HlwqoGTxsaRjKnWlZ+1PqtE5buN7v+
SeZeYqeWwSJEeDis55dMIHuKmYl3XsAHU7405A8AW27YLh+ABrnZNctebHub3bJ8
BayfF1h1AHh1UohXnz7u6o9LKavmKzy1VoUiTBKbon+4mBILuj9MlJVXxCIq/8Sl
kmxKlE969d1Ij/6LeNKb/BZ9SYoEOdkgZdqO5BNNtsBgE17xm5yGuJeZyour5hSM
8a9FwRf9QjKD/xodIP0VtB/c53eUe1DRJNgwXkmC4K+7nslBexmzDOxs2bG2LXOU
z0aExXx0goTI5K14PRFE+hLVDOw0jNjp7K2EQAKSK9oKF1sR/tk2nqO/AduSArbe
bftlUMkfPwAuqhtNajQZ
=S2wI
—–END PGP SIGNATURE——
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)

Top
More in Preporuke
Sigurnosni propust programskog paketa wpa_supplicant

Otkriven je sigurnosni propust u programskom paketu wpa_supplicant za RHEL 7. Propust se javlja u komponentama wpa_cli i hostapd_cli, a...

Close