Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2013.1276 APPLE-SA-2013-09-12-2 Safari 5.1.10 13 September 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Safari Publisher: Apple Operating System: OS X Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2013-0997 CVE-2012-3748 Reference: ESB-2013.0788 ESB-2013.0705 ESB-2012.1121 ESB-2012.1050 ESB-2012.1049.2 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-12-2 Safari 5.1.10 Safari 5.1.10 is now available and addresses the following: JavaScriptCore Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in JavaScriptCore's JSArray::sort() method. These issues were addressed through additional bounds checking. CVE-ID CVE-2012-3748 : Joost Pol and Daan Keuper of Certified Secure working with HP TippingPoint's Zero Day Initiative CVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative Safari 5.1.10 is available via the Apple Software Update application, or Apple's Safari download site at: http://support.apple.com/downloads/#safari Safari for Mac OS X v10.6.8 The download file is named: Safari5.1.10SnowLeopardManual.dmg Its SHA-1 digest is: 16fa66d8c8336688d983e1f125f773bb45fa3897 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJSMiO5AAoJEPefwLHPlZEwsPIP/1GjMQjOgt+4qhRakbgh4aT+ K69+4jlcSL3Rx9KRp1KuNSi7hrR4oad27KZwpRpS//PguSuhNnEokF5TOHiO+t+D t4svsvwZqpYUZQCc1mXtW+l8rzMf87fXoWMItw4Sbf3bHrCozpfA4PKBQoMGH64J uCKSYfZ163+KkL5vncYxFxwyH5QZUKS2fstglQRPhRZFuPcYsQXtn+8q4g3TLgBT K1WPqSLoGEIKikHQpXexL496cafZTOgl147Qy2a/GHF5abrsOQ7/hxDtKOibYWlf kVN53+Bl1ibWlw7Itu5rx30Q/l8zRiTCBjhZ0np9t4CAIGDfaMPQOWbBYcaE/dB2 geuAHXLMGSoWEF+DktmQCoq4eIXzyoZNsyUYWrOs597mTKwTHUgxnhQdOu+8DEiB YNdvoKU6kMFUW8HhR4vSZmLJX9pJwgDvk1CW0f1oFrEhI5u4s+dM4tZKArdaQY/Z CRWGxCiuCRZWn5kE7O6ClnW6qEels5c0r1IIOqm4B6iZ0xGpSOboHn4sgHyP52RZ Tj/Yh618mYqHE16I5NwAMjRNIAXrrrMr2XtMxCWpxzR8NeEvlDmYgBpMh/Jggatw Gds64YuNbQGrEOLe1Vaid/GgXDGOXGNnaz6zae+Da3Ep87R9gTFaXXbTs2Sl1quM PLeozUvV/8aOBrng0blU =ZzCa - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUjJe6xLndAQH1ShLAQKumxAAnFh6th7qhv9A4RqsVnGX5vvpjKo+nYgr isbGpqSE7Tw1zW2BqqujFmpKKDA5dDd+0MMpOKcspBHKHZUHTd14p1soElNtUTay JbopVb3+3/Ncvc7wqOJrDrkyms2WgpD7/aH9zd7GlY+UiJVTRSUA1jwrhAMNU5TW 2+4BE1eIo8aIvizu1Fg9f4qd1ExnDHCcUd+7/OGeuWf+PF3pt7r/hy0c6mG2XTES nBXfaj8h50mNGM9By+8RWhatyo0eB4MVI8R1JNXX7c5a4ZVyfIZukPLVYgUScpiB QbAaiyZkNf/7XEa5zVSu9Oah632FtzvnBF/H7CRg8P0JIt6skN9e15JY2HhjumpQ 44J4q3jX5F62cpt/xFpfjK9vWapazgVj4uHA9mDpg8nhODn1NpN5YwFPBZjGcsrW tF5QBPInX+Se5PYBSLilwsuS6hqwAnyLyrJbQ7oh1f74FEb1MsScZrCnn1hYQjVf jal1a3/+bu2dnaaCWK5BWk/EZmhsk0mhoF9e+aImf3sjYWe5i4pdjo3DH9LQ1qO9 uZnZINr597/75dR4BbRI6PQlcDDeQyM/wuPY5RYQIFs2KMQwh3SiHNDm3It88CGW dKg8VJ6P5KCdpXKmph9jKZ+uB1wXJX6/dA/JWvGEysmHo9SwDl9MiVgB+JPWZRMi p+93x9zgj/8= =1WKL -----END PGP SIGNATURE-----