exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2020-03-24-5

Apple Security Advisory 2020-03-24-5
Posted Mar 25, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-03-24-5 - Safari 13.1 is now available and addresses code execution and cross site scripting vulnerabilities.

tags | advisory, vulnerability, code execution, xss
systems | apple
advisories | CVE-2020-3885, CVE-2020-3887, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-9783, CVE-2020-9784
SHA-256 | 97d95b9be861f9f336433071faf1a2705a8e9146341d71942b34d5f3a5653ef9

Apple Security Advisory 2020-03-24-5

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2020-03-24-5 Safari 13.1

Safari 13.1 is now available and addresses the following:

Safari Downloads
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: A malicious iframe may use another website’s download
settings
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9784: Ruilin Yang of Tencent Security Xuanwu Lab, Ryan
Pickren (ryanpickren.com)

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3901: Benjamin Randazzo (@____benjamin)

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: A download's origin may be incorrectly associated
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3887: Ryan Pickren (ryanpickren.com)

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3895: grigoritchy
CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: An application may be able to read restricted memory
Description: A race condition was addressed with additional
validation.
CVE-2020-3894: Sergei Glazunov of Google Project Zero

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9783: Apple

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s
Zero Day Initiative

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-3899: found by OSS-Fuzz

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit)

WebKit Page Loading
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: A file URL may be incorrectly processed
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3885: Ryan Pickren (ryanpickren.com)

Additional recognition

Safari
We would like to acknowledge Dlive of Tencent Security Xuanwu Lab,
Jacek Kolodziej of Procter & Gamble, and Justin Taft of One Up
Security, LLC for their assistance.

Safari Extensions
We would like to acknowledge Jeff Johnson of underpassapp.com for
their assistance.

Safari Reader
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.

WebKit
We would like to acknowledge Emilio Cobos Álvarez of Mozilla, Samuel
Groß of Google Project Zero, and an anonymous researcher for their
assistance.

Installation note:

Safari 13.1 may be obtained from the Mac App Store.
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64

iQIcBAEDCAAGBQJeejDWAAoJEAc+Lhnt8tDN+aYP/2PReUsWsxAK0Xv2Uv6h2jht
aBFzq84DKiz26b6xi5/c40bLzCc7zoHySJHIPoHNiUMocQHmyRbOziE6pSWXpmcm
rZK5iJ0IF9TAPt58zqkxmUcTr+T/dq1aiVXJNRSp/NolB4rN5Vg8BHywZ8nOYmGl
SPDe1Xo15Q1yDBxjaoAo6vMXeu2/DPoVk/WNSceWGcd/ImCqoFpWvmmpuVyJXN0u
nFskPkX46KP8SGwf2F9lPWwfLNMGrqSxWh8Wsnevhot/CVjS5hguGlsLvv+5cIE3
DQfDwjMAKXTbJAUXVxcUv4I1k7qoDOPvfaLhZLKaPb2/0TB0Gsovyz9/Dd68Y8a3
bkEoJaM/mnp9p3V//2ITES1LYpibzXL3AUWDWwYvCaIDghllXFn+5tmu7Pd40sIQ
Pl/qSzdOQ57OJbjedMsJkhtTX71iuhWbEMvzB+btrKRKKIOcCdnpWYMrYe8Zflil
wUWyPiOLNoj18qT/iUfcq2qD98CNPMheYZHr6JWnXDCaRkZ6z7C0yemu/auZOmiD
cIeYBa4wnBoYX8Vd1avqyUXAUe2C5gjJOynb7x4TwkKIbcmkrZpMcLM2prNM6h29
G04eqXKH/SODUViPZGn3vahn2SZ4HtN9R7Ae7+pJfbI/0IDjLaA+yzQa6MBBpzNV
9nrxH+hfviekXKwfUo5r
=JnUX
-----END PGP SIGNATURE-----



Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close