=====================================================================

                               CERT-Renater

                     Note d'Information No. 2023/VULN437

_____________________________________________________________________

DATE                : 26/10/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Safari versions prior to 17.1.

=====================================================================
https://lists.apple.com/archives/security-announce/2023/Oct/msg00010.html
_____________________________________________________________________

APPLE-SA-10-25-2023-9 Safari 17.1

Safari 17.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213986.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Monterey and macOS Ventura
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 259836
CVE-2023-40447: 이준성(Junsung Lee) of Cross Republic

WebKit
Available for: macOS Monterey and macOS Ventura
Impact: Processing web content may lead to arbitrary code execution
Description: A use-after-free issue was addressed with improved
memory management.
WebKit Bugzilla: 259890
CVE-2023-41976: 이준성(Junsung Lee)

WebKit
Available for: macOS Monterey and macOS Ventura
Impact: Processing web content may lead to arbitrary code execution
Description: A logic issue was addressed with improved checks.
WebKit Bugzilla: 260173
CVE-2023-42852: an anonymous researcher

WebKit Process Model
Available for: macOS Monterey and macOS Ventura
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 260757
CVE-2023-41983: 이준성(Junsung Lee)

Safari 17.1 may be obtained from the Mac App Store.
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================