Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2025/VULN616 _____________________________________________________________________ DATE : 16/09/2025 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Safari versions prior to 26. ===================================================================== https://lists.apple.com/archives/security-announce/2025/Sep/msg00010.html _____________________________________________________________________ APPLE-SA-09-15-2025-11 Safari 26 Safari 26 addresses the following issues. Information about the security content is also available at https://support.apple.com/125113. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Safari Available for: macOS Sonoma and macOS Sequoia Impact: Visiting a malicious website may lead to address bar spoofing Description: The issue was addressed by adding additional logic. CVE-2025-43327: @RenwaX23 Safari Available for: macOS Sonoma and macOS Sequoia Impact: Processing maliciously crafted web content may lead to unexpected URL redirection Description: This issue was addressed with improved URL validation. CVE-2025-31254: Evan Waelde WebKit Available for: macOS Sonoma and macOS Sequoia Impact: A website may be able to access sensor information without user consent Description: The issue was addressed with improved handling of caches. WebKit Bugzilla: 296153 CVE-2025-43356: Jaydev Ahire WebKit Available for: macOS Sonoma and macOS Sequoia Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 294550 CVE-2025-43272: Big Bear WebKit Available for: macOS Sonoma and macOS Sequoia Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 296490 CVE-2025-43343: an anonymous researcher WebKit Available for: macOS Sonoma and macOS Sequoia Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: A correctness issue was addressed with improved checks. WebKit Bugzilla: 296042 CVE-2025-43342: an anonymous researcher WebKit Process Model Available for: macOS Sonoma and macOS Sequoia Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A use-after-free issue was addressed with improved memory management. WebKit Bugzilla: 296276 CVE-2025-43368: Pawel Wylecial of REDTEAM.PL working with Trend Micro Zero Day Initiative Additional recognition libxml2 We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance. Safari We would like to acknowledge HitmanAlharbi (@HitmanF15), Jaydev Ahire, Kenneth Chew for their assistance. WebKit We would like to acknowledge Bob Lord, Matthew Liang, Mike Cardwell of grepular.com, Stanley Lee Linton, Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Safari 26 may be obtained from the Mac App Store. All information is also posted on the Apple Security Releases web site: https://support.apple.com/100100. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================