ESB-2013.0542 - [OSX] Safari: Execute arbitrary code/commands - Remote with user interaction

Date: 17 April 2013
References: ASB-2013.0037  ESB-2013.0407  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.0542
                               Safari 6.0.4
                               17 April 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Safari
Publisher:        Apple
Operating System: OS X
Impact/Access:    Execute Arbitrary Code/Commands -- Remote with User Interaction
                  Denial of Service               -- Remote with User Interaction
Resolution:       Patch/Upgrade
CVE Names:        CVE-2013-0912  

Reference:        ASB-2013.0037
                  ESB-2013.0407

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2013-04-16-1 Safari 6.0.4

Safari 6.0.4 is now available and addresses the following:

WebKit
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.3
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  An invalid cast issue existed in the handling of SVG
files. This issue was addressed through improved type checking.
CVE-ID
CVE-2013-0912 : Nils and Jon from MWR Labs working with HP
TippingPoint's Zero Day Initiative


For OS X Lion systems Safari 6.0.3 is available via
the Apple Software Update application.

For OS X Mountain Lion systems Safari 6.0.3 is included with
OS X v10.8.3.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----