-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512APPLE-SA-2016-05-16-5 Safari 9.1.1Safari 9.1.1 is now available and addresses the following:SafariAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,and OS X El Capitan v10.11.5Impact: A user may be unable to fully delete browsing historyDescription: "Clear History and Website Data" did not clear thehistory. The issue was addressed through improved data deletion.CVE-IDCVE-2016-1849 : Adham GhrayebWebKitAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,and OS X El Capitan v10.11.5Impact: Visiting a malicious website may disclose data from anotherwebsiteDescription: An insufficient taint tracking issue in the parsing ofsvg images was addressed through improved taint tracking.CVE-IDCVE-2016-1858 : an anonymous researcherWebKitAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,and OS X El Capitan v10.11.5Impact: Visiting a maliciously crafted website may lead to arbitrarycode executionDescription: Multiple memory corruption issues were addressedthrough improved memory handling.CVE-IDCVE-2016-1854 : Anonymous working with Trend Micro's Zero DayInitiativeCVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto NetworksCVE-2016-1856 : lokihardt working with Trend Micro's Zero DayInitiativeCVE-2016-1857 : Jeonghoon Shin (at) A.D (dot) D [email concealed], Liang Chen, Zhen Feng, wushi ofKeenLab, Tencent working with Trend Micro's Zero Day InitiativeWebKit CanvasAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,and OS X El Capitan v10.11.5Impact: Visiting a maliciously crafted website may lead to arbitrarycode executionDescription: Multiple memory corruption issues were addressedthrough improved memory handling.CVE-IDCVE-2016-1859 : Liang Chen, wushi of KeenLab, Tencent working withTrend Micro's Zero Day InitiativeSafari 9.1.1 may be obtained from the Mac App Store.Information will also be posted to the Apple Security Updatesweb site: http://ift.tt/1p75l9HThis message is signed with Apple's Product Security PGP key,and details are available at:http://ift.tt/JvT2t4-----BEGIN PGP SIGNATURE-----Comment: GPGTools - https://gpgtools.orgiQIcBAEBCgAGBQJXOj0LAAoJEIOj74w0bLRGg00P/15+B1ltGhgazsTVc8eZVaC+LVe24/wN8yTv8I5N23JLFRcMopJj7GFSEU+ApYvgkgw2U3w5sku7Vz0scG2YYHcaubfUP3GdIsNlgaDMUvBCS3dUyzbK85AYZHhcAvQ4nL60Ttjk2wi9YpnKuY7eTEwiGnMmfuRdmsN6pEIUofCrwtYw2zC4Yte/iyxZSc9vQthqjLqn992FBrWZO6NLnhK8P1NusAo/Eby/Z8xftS+foHGEcZg2zuKDkJsoHgN+HwiuO8bdiA9ZeqbH2iQIymboN/PRIP2E1W/RXFodit16oA3PjoHs813WOyoc85mG8yLNOoLXcdpSWqosDKUhrXsFFL4H+O0XCUUDEzYr+kyqj+tvNn3UwnNEcW6ZgyrWBU2w93CG1MpR9eTr4o/xxLd32gN4mj8PvK/Or2TVKFBB5rRb+SIKjPqrDyB/NJyqnaLurnuEYjMZv7nM6U3HDFqlXxZ3b3jq0uoBXOAAiSm1g6MFgcjkZLcvM55CkljQha5SKCgrUnZ52jsDPqXGfNL7CUcTUQ8VTtXknASYo6c1dOZs0snCkHNK84iFZdELwQz8t4R6ERH0YmV8yuplqOe2SoYDJig8OkfdQK3HaL6MTNn7flwAsb/YV17nVYZxINYbkF88ticAH4l/KuCPQyXL6xvn35QzPS6xQsexYsbi=Ybx7-----END PGP SIGNATURE-----[ reply ]from SecurityFocus Vulnerabilities http://ift.tt/1YxpFwO
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-5 Safari 9.1.1
Safari 9.1.1 is now available and addresses the following:
Safari
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: A user may be unable to fully delete browsing history
Description: "Clear History and Website Data" did not clear the
history. The issue was addressed through improved data deletion.
CVE-ID
CVE-2016-1849 : Adham Ghrayeb
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: Visiting a malicious website may disclose data from another
website
Description: An insufficient taint tracking issue in the parsing of
svg images was addressed through improved taint tracking.
CVE-ID
CVE-2016-1858 : an anonymous researcher
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1854 : Anonymous working with Trend Micro's Zero Day
Initiative
CVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks
CVE-2016-1856 : lokihardt working with Trend Micro's Zero Day
Initiative
CVE-2016-1857 : Jeonghoon Shin (at) A.D (dot) D [email concealed], Liang Chen, Zhen Feng, wushi of
KeenLab, Tencent working with Trend Micro's Zero Day Initiative
WebKit Canvas
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1859 : Liang Chen, wushi of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
Safari 9.1.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: http://ift.tt/1p75l9H
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://ift.tt/JvT2t4
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJXOj0LAAoJEIOj74w0bLRGg00P/15+B1ltGhgazsTVc8eZVaC+
LVe24/wN8yTv8I5N23JLFRcMopJj7GFSEU+ApYvgkgw2U3w5sku7Vz0scG2YYHca
ubfUP3GdIsNlgaDMUvBCS3dUyzbK85AYZHhcAvQ4nL60Ttjk2wi9YpnKuY7eTEwi
GnMmfuRdmsN6pEIUofCrwtYw2zC4Yte/iyxZSc9vQthqjLqn992FBrWZO6NLnhK8
P1NusAo/Eby/Z8xftS+foHGEcZg2zuKDkJsoHgN+HwiuO8bdiA9ZeqbH2iQIymbo
N/PRIP2E1W/RXFodit16oA3PjoHs813WOyoc85mG8yLNOoLXcdpSWqosDKUhrXsF
FL4H+O0XCUUDEzYr+kyqj+tvNn3UwnNEcW6ZgyrWBU2w93CG1MpR9eTr4o/xxLd3
2gN4mj8PvK/Or2TVKFBB5rRb+SIKjPqrDyB/NJyqnaLurnuEYjMZv7nM6U3HDFql
XxZ3b3jq0uoBXOAAiSm1g6MFgcjkZLcvM55CkljQha5SKCgrUnZ52jsDPqXGfNL7
CUcTUQ8VTtXknASYo6c1dOZs0snCkHNK84iFZdELwQz8t4R6ERH0YmV8yuplqOe2
SoYDJig8OkfdQK3HaL6MTNn7flwAsb/YV17nVYZxINYbkF88ticAH4l/KuCPQyXL
6xvn35QzPS6xQsexYsbi
=Ybx7
-----END PGP SIGNATURE-----
[ reply ]