===================================================================== CERT-Renater Note d'Information No. 2021/VULN653 _____________________________________________________________________ DATE : 16/12/2021 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Safari versions prior to 15.2. ===================================================================== https://lists.apple.com/archives/security-announce/2021/Dec/msg00006.html _____________________________________________________________________ APPLE-SA-2021-12-15-7 Safari 15.2 Safari 15.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212982. WebKit Available for: macOS Big Sur and macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30934: Dani Biro WebKit Available for: macOS Big Sur and macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-30936: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab CVE-2021-30951: Pangu WebKit Available for: macOS Big Sur and macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2021-30952: WeBin WebKit Available for: macOS Big Sur and macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A race condition was addressed with improved state handling. CVE-2021-30984: Kunlun Lab WebKit Available for: macOS Big Sur and macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30953: VRIJ WebKit Available for: macOS Big Sur and macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2021-30954: Kunlun Lab Additional recognition WebKit We would like to acknowledge Jzhu, Peter Snyder of Brave, and Soroush Karami for their assistance. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================