===================================================================== CERT-Renater Note d'Information No. 2024/VULN105 _____________________________________________________________________ DATE : 11/03/2024 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Safari versions prior to 17.4. ===================================================================== https://support.apple.com/en-au/HT214089 _____________________________________________________________________ APPLE-SA-03-07-2024-1 Safari 17.4 Safari 17.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214089. Apple maintains a Security Releases page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. Safari Private Browsing Available for: macOS Monterey and macOS Ventura Impact: Private Browsing tabs may be accessed without authentication Description: This issue was addressed through improved state management. CVE-2024-23273: Matej Rabzelj WebKit Available for: macOS Monterey and macOS Ventura Impact: Processing web content may lead to a denial-of-service Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 263758 CVE-2024-23252: anbu1024 of SecANT WebKit Available for: macOS Monterey and macOS Ventura Impact: A malicious website may exfiltrate audio data cross-origin Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 263795 CVE-2024-23254: James Lee (@Windowsrcer) WebKit Available for: macOS Monterey and macOS Ventura Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: A logic issue was addressed with improved validation. WebKit Bugzilla: 264811 CVE-2024-23263: Johan Carlsson (joaxcar) WebKit Available for: macOS Monterey and macOS Ventura Impact: A maliciously crafted webpage may be able to fingerprint the user Description: An injection issue was addressed with improved validation. WebKit Bugzilla: 266703 CVE-2024-23280: an anonymous researcher WebKit Available for: macOS Monterey and macOS Ventura Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 267241 CVE-2024-23284: Georg Felber and Marco Squarcina Additional recognition Safari We would like to acknowledge Abhinav Saraswat and Matthew C for their assistance. Safari 17.4 may be obtained from the Mac App Store. All information is also posted on the Apple Security Releases web site: https://support.apple.com/en-us/HT201222. ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================