Safari 10.0.3
Released January 23, 2017
Safari
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.3
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A state management issue in the address bar was addressed through improved URL handling.
CVE-2017-2359: xisigr of Tencent's Xuanwu Lab (tencent.com)
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.3
Impact: Processing maliciously crafted web content may exfiltrate data cross-origin
Description: A prototype access issue was addressed through improved exception handling.
CVE-2017-2350: Gareth Heyes of Portswigger Web Security
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.3
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative
CVE-2017-2362: Ivan Fratric of Google Project Zero
CVE-2017-2373: Ivan Fratric of Google Project Zero
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.3
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory initialization issue was addressed through improved memory handling.
CVE-2017-2355: Team Pangu and lokihardt at PwnFest 2016
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.3
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved input validation.
CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016
CVE-2017-2369: Ivan Fratric of Google Project Zero
CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.3
Impact: Processing maliciously crafted web content may exfiltrate data cross-origin
Description: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic.
CVE-2017-2363: lokihardt of Google Project Zero
CVE-2017-2364: lokihardt of Google Project Zero
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.3
Impact: Processing maliciously crafted web content may exfiltrate data cross-origin
Description: A validation issue existed in variable handling. This issue was addressed through improved validation.
CVE-2017-2365: lokihardt of Google Project Zero
'취약점 정보2' 카테고리의 다른 글
| macOS Sierra 10.12.3 업데이트 (0) | 2017.01.24 |
|---|---|
| iCloud for Windows 6.1.1 update (0) | 2017.01.24 |
| iTunes 12.5.5 for Windows update (0) | 2017.01.24 |
| wireshark 2.2.4 업데이트 릴리즈 (0) | 2017.01.24 |
| 곰플레이어 업데이트 내역 (0) | 2017.01.20 |