From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>
Date: Tue, 19 Nov 2024 17:39:30 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-11-19-2024-1 Safari 18.1.1
Safari 18.1.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121756.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
JavaScriptCore
Available for: macOS Ventura and macOS Sonoma
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution. Apple is aware of a report that this issue may have been
actively exploited on Intel-based Mac systems.
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 283063
CVE-2024-44308: Clément Lecigne and Benoît Sevens of Google's Threat
Analysis Group
WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Processing maliciously crafted web content may lead to a cross
site scripting attack. Apple is aware of a report that this issue may
have been actively exploited on Intel-based Mac systems.
Description: A cookie management issue was addressed with improved state
management.
WebKit Bugzilla: 283095
CVE-2024-44309: Clément Lecigne and Benoît Sevens of Google's Threat
Analysis Group
Safari 18.1.1 may be obtained from the Mac App Store.
All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmc9InUACgkQX+5d1TXa
IvrVmxAA2y78urBGRBz1vPOWoutN8AxkYT50ng9/fZ/fAI6Xs+WQURYvuwEfRXax
xzqcASTqM/rgdKw8L5zDdRxQ0lE5h8Y67f/o2hznvxDFAwvTOtxVh2Z9/A3Ac72F
D9VkhnphYBioB7R+J9cionjO+WKoeKgb8X6zK0qJKhUfqaTE7qtg2Ncf1sZW3kt/
luzOrZxCQhPs4XE1ozcBa58Wgv2LeEI3jwIasCTd1qsiCsyNmy50ak91KazOoqIT
ve7H6KCifAbcn4//l6JVoJkVG2ve+syUIMdHuxMCCoVsmswkPolLvHXoEAVoLtsB
+kRwN7+lPBIBkzTWu6CIrDJTHPGSnuNq6xIyCrn75Q0DDF6gtFDSEumjtPwj4MA0
LCwmQHXgH0tcw0DVrRXTpv/ynx9QUe1sjao4BOSE6HLgtgwtic8DUOPpqba2DlRT
dAqnUoxvypOa9o9d4QTcLVi5ozZRcaD5tp5ejh4D1AM9hX9Gq/7Nc4h0IhwhpCLg
TNPy3stJF9hUTV/SiJGEDUWZg9b56gIirziOSHHeIQxfxoIAykgEBdbQ6S5HTnyx
6GhwIXBuzOLSEw69FKKIbaxhdZ42ouk4EgfrfbGj600KnInErNMfdGE+jaR6195v
iBJTdhJwNjnoakDE061Rvk/zkxWLvo3Fgw7UiMaWiWRHyYwwd0M=
=MpUb
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- APPLE-SA-11-19-2024-1 Safari 18.1.1 Apple Product Security via Fulldisclosure (Nov 21)