You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa Safari

Sigurnosni nedostaci programskog paketa Safari

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1

Safari 6.2 and Safari 7.1 are now available and address the
following:

Safari
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: An attacker with a privileged network position may intercept
user credentials
Description: Saved passwords were autofilled on http sites, on https
sites with broken trust, and in iframes. This issue was addressed by
restricting password autofill to the main frame of https sites with
valid certificate chains.
CVE-ID
CVE-2014-4363 : David Silver, Suman Jana, and Dan Boneh of Stanford
University working with Eric Chen and Collin Jackson of Carnegie
Mellon University

WebKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-6663 : Atte Kettunen of OUSPG
CVE-2014-4410 : Eric Seidel of Google
CVE-2014-4411 : Google Chrome Security Team
CVE-2014-4412 : Apple
CVE-2014-4413 : Apple
CVE-2014-4414 : Apple
CVE-2014-4415 : Apple

WebKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious website may be able to track users even when
private browsing is enabled
Description: A web application could store HTML 5 application cache
data during normal browsing and then read the data during private
browsing. This was addressed by disabling access to the application
cache when in private browsing mode.
CVE-ID
CVE-2014-4409 : Yosuke Hasegawa (NetAgent Co., Led.)

Safari 7.1 and Safari 6.2 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

—–BEGIN PGP SIGNATURE—–
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools – http://gpgtools.org

iQIcBAEBAgAGBQJUGkSxAAoJEBcWfLTuOo7tNVcP/j3m7E6n31A4jJ+KpQK8QSaC
no9gPE/qLSAyHCPY1GvaLqNAiFrfbHvJu0C9GCRQe0K7CElCIovtxUZ91PREInPw
yQHsyFefeICOXwmU7fz1MWJcUufV6vdThcOzLQciSC2SomiptGdfhbi1/oyXWa7b
6W8m2adZBv4XDUfObEVO8S28/XsBRN5zHXGbGmwTqobBAGZp8G/IDiB5RjjY0vC3
TCs4TvhlWqUSyCaubqRGtvTol8+eVqFkFsJb/e4j8IlHi83BF5Gb20F+L3kW9lBH
rez4sz/chnjR5cFc6Be3ciXNdG10d5urMBFTXB8u6Wu7rl5oShD25OB/j4n+8Ik4
tvQZfGsRnTicFgywX28QuRVWwldK4VFvMcHAEPZ+8FuwjJCZSLbk0JPXJTC374N2
+G/fh6knx+yNEezedUAbR93OFIDn9lKniVlfVvALs8DnI4Qvfus1yQ9Pxb4rA6Y6
wguh4HaAeasMVZeL9nA8NHPH4aVhGryhaGq3N4ykag/TKtXAn2EsOsevQ5tWRYV2
LMJiFcDHcqjOftmbkNN/jbR35PX9InSBVeFqWG++01xKpcR/YrP1uEHY3fiQC/Z4
kX7nr26nrMXJkEb28ShAlyMYmGaQdos5S6jfe2liNg2C4y4E4aUbMwi8+L/wzXO+
mlqQ1qQbOepcgb+U0iLX
=muK9
—–END PGP SIGNATURE—–

—–BEGIN PGP SIGNATURE—–
Comment: GPGTools – http://gpgtools.org

iQIcBAEBAgAGBQJUGkVVAAoJEBcWfLTuOo7tOh4QAKl+F9vGD4XyNNcstBBlpN6G
Rim28163+O6Yn8cDvmqD16e9bqy+py2AX8HDZvuOAiy5nuneBc73y+96k6BCZund
egNCMff9ivqJjtjZA6Vc52if6YrbvqwqtGv0I3svHLubUmD6hCr7yMHHeRU2Irf/
pgP1rZ6QGL2yRQDLYYdRP65PNUWFH1qGIYq1B2hMlzdXdiaiQdvHoXUnX8DPbXyy
2dqaekrgeLdVthG4/pXwndxQXWMU5kWIDfBG/cQ8UBldEDxhkIMx13HWbJjbFAgD
qNyyRK7/NvDJOWEuAKGfCxm4F2eAOzl2EEQcW9kYlscK9bxIXKF3r7wz1NWZ+uKN
Tqv364I8BzthxiEWBUa7gJ4jgGTDoqIW3/nkwkObHrhhH7JmN8ecNbxWh6gRxXk7
QsybpnR1Y8QvCUrk9nI+j2ESghzewmcCr36YDhyS/rWWrn4JlovapsRgE9aqxY6i
EOSJrsJO6v3yOT5HeNSre2FQOT8FNh/Ldv6lK9TFV7I/L+jwU/G8wrHN1IYGYno/
+ox2XaOz2yqWMy+HhEZw/ZNndJWhEUhDxyGx/UMFlas8SKjNB5sZJp07SNPgzKnA
jmFFcbwjMVR0bFm+6Wb5jV4jLrXL5yPU+LJ5pE0DXZXw+ZTwZQk9gsL8vpyWNpUX
jkrdQiWH1eYBkIqn+Akb
=FIJZ
—–END PGP SIGNATURE—–
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa curl

Otkriveni su sigurnosni nedostaci u programskom paketu curl za openSUSE 13.1 i openSUSE 12.3. Otkriveni nedostaci potencijalnim napadačima omogućuju manipuliranje...

Close