====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN052
_____________________________________________________________________

DATE                : 30/01/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Safari versions prior to 13.0.5.

=====================================================================
https://lists.apple.com/archives/security-announce/2020/Jan/msg00004.html
_____________________________________________________________________


APPLE-SA-2020-1-28-5 Safari 13.0.5

Safari 13.0.5 is now available and addresses the following:

Safari
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2020-3833: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)

Safari Login AutoFill
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: A local user may unknowingly send a password unencrypted over
the network
Description: The issue was addressed with improved UI handling.
CVE-2020-3841: Sebastian Bicchi (@secresDoge) from Sec-Research

Installation note:

Safari 13.0.5 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================