====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN236
_____________________________________________________________________

DATE                : 27/04/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Safari versions prior to 14.1.

=====================================================================
https://support.apple.com/en-us/HT212318
_____________________________________________________________________


Safari 14.1

Released April 26, 2021


WebKit

Available for: macOS Catalina and macOS Mojave

Impact: Processing maliciously crafted web content may lead to a cross
site scripting attack

Description: An input validation issue was addressed with improved input
validation.

CVE-2021-1825: Alex Camboe of Aon’s Cyber Solutions


WebRTC

Available for: macOS Catalina and macOS Mojave

Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory

Description: A use after free issue was addressed with improved memory
management.

CVE-2020-7463: Megan2013678



Information about products not manufactured by Apple, or independent
websites not controlled or tested by Apple, is provided without
recommendation or endorsement. Apple assumes no responsibility with
regard to the selection, performance, or use of third-party websites or
products. Apple makes no representations regarding third-party website
accuracy or reliability. Contact the vendor for additional information.


Published Date: April 26, 2021


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================