Bugtraq: APPLE-SA-2016-05-16-5 Safari 9.1.1

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA512

APPLE-SA-2016-05-16-5 Safari 9.1.1

Safari 9.1.1 is now available and addresses the following:

Safari

Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,

and OS X El Capitan v10.11.5

Impact: A user may be unable to fully delete browsing history

Description: "Clear History and Website Data" did not clear the

history. The issue was addressed through improved data deletion.

CVE-ID

CVE-2016-1849 : Adham Ghrayeb

WebKit

Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,

and OS X El Capitan v10.11.5

Impact: Visiting a malicious website may disclose data from another

website

Description: An insufficient taint tracking issue in the parsing of

svg images was addressed through improved taint tracking.

CVE-ID

CVE-2016-1858 : an anonymous researcher

WebKit

Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,

and OS X El Capitan v10.11.5

Impact: Visiting a maliciously crafted website may lead to arbitrary

code execution

Description: Multiple memory corruption issues were addressed

through improved memory handling.

CVE-ID

CVE-2016-1854 : Anonymous working with Trend Micro's Zero Day

Initiative

CVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks

CVE-2016-1856 : lokihardt working with Trend Micro's Zero Day

Initiative

CVE-2016-1857 : Jeonghoon Shin (at) A.D (dot) D [email concealed], Liang Chen, Zhen Feng, wushi of

KeenLab, Tencent working with Trend Micro's Zero Day Initiative

WebKit Canvas

Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,

and OS X El Capitan v10.11.5

Impact: Visiting a maliciously crafted website may lead to arbitrary

code execution

Description: Multiple memory corruption issues were addressed

through improved memory handling.

CVE-ID

CVE-2016-1859 : Liang Chen, wushi of KeenLab, Tencent working with

Trend Micro's Zero Day Initiative

Safari 9.1.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates

web site: http://ift.tt/1p75l9H

This message is signed with Apple's Product Security PGP key,

and details are available at:

http://ift.tt/JvT2t4

-----BEGIN PGP SIGNATURE-----

Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXOj0LAAoJEIOj74w0bLRGg00P/15+B1ltGhgazsTVc8eZVaC+

LVe24/wN8yTv8I5N23JLFRcMopJj7GFSEU+ApYvgkgw2U3w5sku7Vz0scG2YYHca

ubfUP3GdIsNlgaDMUvBCS3dUyzbK85AYZHhcAvQ4nL60Ttjk2wi9YpnKuY7eTEwi

GnMmfuRdmsN6pEIUofCrwtYw2zC4Yte/iyxZSc9vQthqjLqn992FBrWZO6NLnhK8

P1NusAo/Eby/Z8xftS+foHGEcZg2zuKDkJsoHgN+HwiuO8bdiA9ZeqbH2iQIymbo

N/PRIP2E1W/RXFodit16oA3PjoHs813WOyoc85mG8yLNOoLXcdpSWqosDKUhrXsF

FL4H+O0XCUUDEzYr+kyqj+tvNn3UwnNEcW6ZgyrWBU2w93CG1MpR9eTr4o/xxLd3

2gN4mj8PvK/Or2TVKFBB5rRb+SIKjPqrDyB/NJyqnaLurnuEYjMZv7nM6U3HDFql

XxZ3b3jq0uoBXOAAiSm1g6MFgcjkZLcvM55CkljQha5SKCgrUnZ52jsDPqXGfNL7

CUcTUQ8VTtXknASYo6c1dOZs0snCkHNK84iFZdELwQz8t4R6ERH0YmV8yuplqOe2

SoYDJig8OkfdQK3HaL6MTNn7flwAsb/YV17nVYZxINYbkF88ticAH4l/KuCPQyXL

6xvn35QzPS6xQsexYsbi

=Ybx7

-----END PGP SIGNATURE-----

[ reply ]


from SecurityFocus Vulnerabilities http://ift.tt/1YxpFwO