Operating System: OSX
Published: 22 March 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.0747
          Multiple vulnerabilities have been identified in Safari
                               22 March 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Apple Safari
Publisher:         Apple
Operating System:  OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-1786 CVE-2016-1785 CVE-2016-1784
                   CVE-2016-1783 CVE-2016-1782 CVE-2016-1781
                   CVE-2016-1779 CVE-2016-1778 CVE-2016-1772
                   CVE-2016-1771 CVE-2016-1762 CVE-2009-2197

Reference:         ESB-2016.0743
                   ESB-2016.0742
                   ESB-2016.0741

Original Bulletin: 
   https://support.apple.com/en-au/HT206171

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-03-21-6 Safari 9.1

Safari 9.1 is now available and addresses the following:

libxml2
Available for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact:  Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description:  Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1762

Safari
Available for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact:  Visiting a malicious website may lead to user interface
spoofing
Description:  An issue existed where the text of a dialog included
page-supplied text. This issue was addressed by no longer including
that text.
CVE-ID
CVE-2009-2197 : Alexios Fakos of n.runs AG

Safari Downloads
Available for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact:  Visiting a maliciously crafted webpage may lead to a system
denial of service
Description:  An insufficient input validation issue existed in the
handling of certain files. This was addressed through additional
checks during file expansion.
CVE-ID
CVE-2016-1771 : Russ Cox

Safari Top Sites
Available for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact:  A website may be able to track sensitive user information
Description:  A cookie storage issue existed in the Top Sites page.
This issue was addressed through improved state management.
CVE-ID
CVE-2016-1772 : WoofWagly

WebKit
Available for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact:  A website may be able to track sensitive user information
Description:  An issue existed in the handling of attachment URLs.
This issue was addressed through improved URL handling.
CVE-ID
CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.

WebKit
Available for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact:  Processing maliciously crafted web content may lead to
arbitrary code execution
Description:  Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google

WebKit
Available for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact:  A malicious website may be able to access restricted ports
on arbitrary servers
Description:  A port redirection issue was addressed through
additional port validation.
CVE-ID
CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit
Technologies Co.,Ltd.

WebKit
Available for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact:  Visiting a maliciously crafted website may reveal a user's
current location
Description:  An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)

WebKit History
Available for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact:  Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description:  A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and PKAV Team (PKAV.net)

WebKit Page Loading
Available for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact:  A malicious website may exfiltrate data cross-origin
Description:  A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher

WebKit Page Loading
Available for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact:  Visiting a malicious website may lead to user interface
spoofing
Description:  Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation

Installation note:

Safari 9.1 may be obtained from the Mac App Store.
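As an added defender-side check (not part of the Apple advisory or the AusCERT text), the POSIX shell script below compares the Safari version installed on a Mac against the fixed version 9.1 named in this bulletin and reports whether the update is still outstanding. The bundle path `/Applications/Safari.app` and the use of `defaults read` to fetch `CFBundleShortVersionString` are assumptions about a standard macOS install; the version comparison itself is generic and handles dotted versions of unequal length (9.1 versus 9.1.1).

```shell
#!/bin/sh
# Added example: report whether the installed Safari is at or above the
# version that carries the fixes listed in this bulletin.
# Assumptions: macOS host, Safari installed at the standard bundle path,
# version string readable via `defaults read` (not verified by the bulletin).

FIXED_VERSION="9.1"   # from the bulletin: Safari 9.1 addresses the listed CVEs
SAFARI_PLIST="/Applications/Safari.app/Contents/Info"   # assumed bundle path

# version_ge A B: exit 0 if dotted version A >= B, 1 otherwise.
# Fields are compared numerically left to right; a missing field counts as 0,
# so "9.1" and "9.1.0" are equal and "9.10" is newer than "9.9".
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax="${a%%.*}"; bx="${b%%.*}"          # leading field of each side
        [ "$ax" = "$a" ] && a="" || a="${a#*.}" # drop that field (or finish)
        [ "$bx" = "$b" ] && b="" || b="${b#*.}"
        ax="${ax:-0}"; bx="${bx:-0}"          # empty field compares as 0
        if [ "$ax" -gt "$bx" ]; then return 0; fi
        if [ "$ax" -lt "$bx" ]; then return 1; fi
    done
    return 0
}

# installed_safari_version: print the bundle's short version, or nothing if the
# host is not macOS or the bundle is absent (assumed plist key and path).
installed_safari_version() {
    [ "$(uname -s 2>/dev/null)" = "Darwin" ] || return 1
    defaults read "$SAFARI_PLIST" CFBundleShortVersionString 2>/dev/null
}

# check_safari: 0 = patched version present, 1 = update outstanding,
# 2 = nothing to check on this host.
check_safari() {
    installed="$(installed_safari_version)" || installed=""
    if [ -z "$installed" ]; then
        echo "Safari bundle not found (or not macOS); nothing to check"
        return 2
    fi
    if version_ge "$installed" "$FIXED_VERSION"; then
        echo "Safari $installed: at or above $FIXED_VERSION, bulletin fixes present"
        return 0
    fi
    echo "Safari $installed: below $FIXED_VERSION, update from the Mac App Store"
    return 1
}

check_safari
```

Run it on each Mac in scope; the exit status (0 patched, 1 outstanding, 2 not applicable) makes it usable from a fleet management job. The comparison is numeric only, so a non-numeric version string would need to be sanitised first.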

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----