====================================================================

                             CERT-Renater

                 Note d'Information No. 2019/VULN398

_____________________________________________________________________

DATE                : 11/12/2019

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Safari versions prior to 13.0.4.

=====================================================================
https://lists.apple.com/archives/security-announce/2019/Dec/msg00005.html
_____________________________________________________________________

APPLE-SA-2019-12-10-6 Safari 13.0.4

Safari 13.0.4 is now available and addresses the following:

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8835: Anonymous working with Trend Micro's Zero Day
Initiative, Mike Zhang of Pangu Team
CVE-2019-8844: William Bowling (@wcbowling)

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8846: Marcin Towalski of Cisco Talos

Installation note:

Safari 13.0.4 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================