ESB-2017.1784 - [OSX] Safari: Multiple vulnerabilities 2017-07-20

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1784
                               Safari 10.1.2
                               20 July 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Safari
Publisher:        Apple
Operating System: OS X
Impact/Access:    Execute Arbitrary Code/Commands -- Remote with User Interaction
                  Access Privileged Data          -- Remote with User Interaction
                  Cross-site Scripting            -- Remote with User Interaction
                  Denial of Service               -- Remote with User Interaction
                  Provide Misleading Information  -- Remote with User Interaction
Resolution:       Patch/Upgrade
CVE Names:        CVE-2017-7064 CVE-2017-7061 CVE-2017-7060
                  CVE-2017-7059 CVE-2017-7056 CVE-2017-7055
                  CVE-2017-7052 CVE-2017-7049 CVE-2017-7048
                  CVE-2017-7046 CVE-2017-7043 CVE-2017-7042
                  CVE-2017-7041 CVE-2017-7040 CVE-2017-7039
                  CVE-2017-7038 CVE-2017-7037 CVE-2017-7034
                  CVE-2017-7030 CVE-2017-7020 CVE-2017-7019
                  CVE-2017-7018 CVE-2017-7012 CVE-2017-7011
                  CVE-2017-7006  

Reference:        ESB-2017.1780
                  ESB-2017.1779
                  ESB-2017.1777

- --------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2017-07-19-5 Safari 10.1.2

Safari 10.1.2 is now available and addresses the following:

Safari
Available for:  OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12.6
Impact: Processing maliciously crafted web content may lead to an
infinite number of print dialogs
Description: An issue existed where a malicious or compromised
website could show infinite print dialogs and make users believe
their browser was locked. The issue was addressed through throttling
of print dialogs.
CVE-2017-7060: Travis Kelley of City of Mishawaka, Indiana

WebKit
Available for:  OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12.6
Impact: A malicious website may exfiltrate data cross-origin
Description: Processing maliciously crafted web content may allow
cross-origin data to be exfiltrated by using SVG filters to conduct a
timing side-channel attack. This issue was addressed by not painting
the cross-origin buffer into the frame that gets filtered.
CVE-2017-7006: David Kohlbrenner of UC San Diego, an anonymous
researcher

WebKit
Available for:  OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12.6
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A state management issue was addressed with improved
frame handling.
CVE-2017-7011: xisigr of Tencent's Xuanwu Lab (tencent.com)

WebKit
Available for:  OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12.6
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7018: lokihardt of Google Project Zero
CVE-2017-7020: likemeng of Baidu Security Lab
CVE-2017-7030: chenqin of Ant-financial Light-Year Security Lab
()
CVE-2017-7034: chenqin of Ant-financial Light-Year Security Lab
()
CVE-2017-7037: lokihardt of Google Project Zero
CVE-2017-7039: Ivan Fratric of Google Project Zero
CVE-2017-7040: Ivan Fratric of Google Project Zero
CVE-2017-7041: Ivan Fratric of Google Project Zero
CVE-2017-7042: Ivan Fratric of Google Project Zero
CVE-2017-7043: Ivan Fratric of Google Project Zero
CVE-2017-7046: Ivan Fratric of Google Project Zero
CVE-2017-7048: Ivan Fratric of Google Project Zero
CVE-2017-7052: cc working with Trend Micro's Zero Day Initiative
CVE-2017-7055: The UK's National Cyber Security Centre (NCSC)
CVE-2017-7056: lokihardt of Google Project Zero
CVE-2017-7061: lokihardt of Google Project Zero

WebKit
Available for:  OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12.6
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2017-7064: lokihardt of Google Project Zero

WebKit
Available for:  OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12.6
Impact: Processing maliciously crafted web content with DOMParser may
lead to cross site scripting
Description: A logic issue existed in the handling of DOMParser. This
issue was addressed with improved state management.
CVE-2017-7038: Neil Jenkins of FastMail Pty Ltd, Egor Karbutov
(@ShikariSenpai) of Digital Security and Egor Saltykov
(@ansjdnakjdnajkd) of Digital Security
CVE-2017-7059: an anonymous researcher

WebKit
Available for:  OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12.6
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-7049: Ivan Fratric of Google Project Zero

WebKit Page Loading
Available for:  OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12.6
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7019: Zhiyang Zeng of Tencent Security Platform Department

WebKit Web Inspector
Available for:  OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12.6
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7012: Apple

Installation note:

Safari 10.1.2 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWXBPU4x+lLeg9Ub1AQi+bg/+LvIsxvgeQrdi43O6xyjThBkSVcYrqR8n
QoJa5qWPqoHrQ0mzK1Pftx4oh7M8rbl/w+Dz9pi+RlRW4w2HzdZqDDGpIxzq8Lgq
QFocQlfaK6W3b9j1hMv/kL3JSyWhUVnQ03Y+QgPupkT7ROH+8xHDsdPNfmBSfEkR
wOodxV+oFNl/T2VuIhUt3rsMS7um5ig9G6v10zfsqvsA4EHON94frZhspRfR2/uE
zj9oWUHP0fbovnKYzG0WZfqqHg9ro00jplS+UnEtyOYe5HqkiMu38C0Q8lhZ1NLU
sfnvvA9Fy5OloMpvOMVitFgfkWQG+uGqeaS+/NLBQbVnpLQuaBClex4e1d4iWHjJ
22gPB3JdcQt4MsyMJ0gWp08IhrMqQn5fbDbWMp7SI99kwCl2+j08BP7UgSP/CfXF
xbkLA4kDXMAi8sTgnmlFeNU3FletljZTpL6+pNYsOgxY+7pUSAPespe55MCFg6ZT
7Ih8Pg8qB9RkBOhuUChvPEyNiu6MWLYCLQh7r0150acA22Z4N/VDGGrbfK9DtQo9
1HDziwgWRUrjkYVrv6YbLej/MTvZ3vyLYNkgaPvaPDphMr7h0DKnm+KAZQ+rE+FT
NbmRFVNyeK8H5QzqWKNw2udExk4IoZfpKRq8d2+LrkPd8x3XRy3OktlKvivGs8pm
4MOLf/tKNvE=
=QDr9
-----END PGP SIGNATURE-----

« Back to bulletins