====================================================================
                          CERT-Renater

               Information Note No. 2017/VULN266
_____________________________________________________________________

DATE                 : 20/09/2017

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Safari versions prior to 11.

=====================================================================
https://lists.apple.com/archives/security-announce/2017/Sep/msg00000.html
____________________________________________________________________

APPLE-SA-2017-09-19-2 Safari 11

Safari 11 is now available and addresses the following:

Safari
Available for: OS X El Capitan 10.11.6 and macOS Sierra 10.12.6
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-7085: xisigr of Tencent's Xuanwu Lab (tencent.com)

WebKit
Available for: OS X El Capitan 10.11.6 and macOS Sierra 10.12.6
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of the parent-tab.
This issue was addressed with improved state management.
CVE-2017-7089: Frans Rosén of Detectify, Anton Lopanitsyn of ONSEC

WebKit
Available for: OS X El Capitan 10.11.6 and macOS Sierra 10.12.6
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-7106: Oliver Paukstadt of Thinking Objects GmbH (to.com)

Installation note:

Safari 11 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

==========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel  |    fax : 01-53-94-20-41          +
+ 75013 Paris         |  email: cert@support.renater.fr  +
==========================================================