This issue was addressed with improved data handling. Impact: Website data may persist after a Safari Private browsing sessionĭescription: An information leakage issue existed in the handling of website data in Safari Private windows. This issue was addressed with improved restrictions.ĬVE-2017-7144: Mohammad Ghasemisharif of UIC’s BITS Lab Impact: A malicious website may be able to track users in Safari private browsing modeĭescription: A permissions issue existed in the handling of web browser cookies. Impact: Processing maliciously crafted web content may lead to a cross site scripting attackĭescription: Application Cache policy may be unexpectedly applied.Īvailable for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6, macOS High Sierra 10.13 This issue was addressed by no longer returning cookies for custom URL schemes.ĬVE-2017-7106: Oliver Paukstadt of Thinking Objects GmbH (to.com) Impact: Cookies belonging to one origin may be sent to another originĭescription: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved state management.ĬVE-2017-7089: Anton Lopanitsyn of ONSEC, Frans Rosén of Detectify Scott Gilbertson, writing for The Register: The legacy of Internet Explorer 6 haunts web developer nightmares to this day. Impact: Processing maliciously crafted web content may lead to universal cross site scriptingĭescription: A logic issue existed in the handling of the parent-tab. Apple's Safari Browser Runs the Risk of Becoming the New Internet Explorer - Holding the Web Back for everyone () 156 Posted by msmash on Friday Octo09:00AM from the closer-look dept. Impact: Processing maliciously crafted web content may lead to arbitrary code executionĭescription: A memory corruption issue was addressed through improved input validation.ĭescription: Multiple memory corruption issues were addressed with improved memory handling.ĬVE-2017-7091: Wei Yuan of Baidu Security Lab working with Trend Micro’s Zero Day InitiativeĬVE-2017-7092: Samuel Gro and Niklas Baumstark working with Trend Micro's Zero Day Initiative, Qixun Zhao of Qihoo 360 Vulcan TeamĬVE-2017-7093: Samuel Gro and Niklas Baumstark working with Trend Micro’s Zero Day InitiativeĬVE-2017-7094: Tim Michaud of Leviathan Security GroupĬVE-2017-7095: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University working with Trend Micro’s Zero Day InitiativeĬVE-2017-7096: Wei Yuan of Baidu Security LabĬVE-2017-7098: Felipe Freitas of Instituto Tecnológico de AeronáuticaĬVE-2017-7100: Masato Kinugawa and Mario Heiderich of Cure53ĬVE-2017-7102: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological UniversityĬVE-2017-7104: likemeng of Baidu Secutity LabĬVE-2017-7107: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological UniversityĬVE-2017-7111: likemeng of Baidu Security Lab () working with Trend Micro's Zero Day InitiativeĬVE-2017-7117: lokihardt of Google Project ZeroĬVE-2017-7120: chenqin (陈钦) of Ant-financial Light-Year Security Lab Impact: Visiting a malicious website may lead to address bar spoofingĭescription: An inconsistent user interface issue was addressed with improved state management.ĬVE-2017-7085: xisigr of Tencent's Xuanwu Lab () Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13
0 Comments
Leave a Reply. |