Headline
Apple Security Advisory 05-13-2024-1
Apple Security Advisory 05-13-2024-1 - Safari 17.5 addresses a bypass vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-05-13-2024-1 Safari 17.5
Safari 17.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214103.
Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
WebKit
Available for: macOS Monterey and macOS Ventura
Impact: An attacker with arbitrary read and write capability may be able
to bypass Pointer Authentication
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 272750
CVE-2024-27834: Manfred Paul (@_manfp) working with Trend Micro’s Zero
Day Initiative
Additional recognition
Safari Downloads
We would like to acknowledge Arsenii Kostromin (0x3c3e) for their
assistance.
Safari 17.5 may be obtained from the Mac App Store.
All information is also posted on the Apple Security Releases
web site: https://support.apple.com/HT201222.
This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZCrkgACgkQX+5d1TXa
Ivparg//cfUi2Ylya0hfHUzbXtVdoWnbLApJOXFxAQM/DgKBGg+dtJnVyMNN+I1D
lN8SOuVIxVK+WedX4OKIdKgFlj48ucLdBAIExRqBq6VdSmlL6JK6WVSa3Vrw2ihC
U7DH0EtREotFgHPiJQMvmxORIUYONAoWHmgqaYNIcKfO6LByp4nN+VcQLjWmlQmn
jwXigd6pho/+udTEZesFmBNMnTMoRXiR5v+2kBmFj4BOFkZG1oMXqdPtF8MJDVaW
McjQBqGHs/ijyyAAd96swKZSvnCFEUQcgV888aJFjHFjyhNz1VC+AsaPT8bHnWh7
UvkWKgyyMdWMXpC0P9Et2Su4OddCQ/8Z7PI2M3rLL8V75Zq//l7q7wqpkEPFv/BM
LRcEHP5bWSRFWV57mFLsb44WAxEzl1R1ezroW8oh78gHd5s1upms4fhu6aohO6/E
jyd9OLwshu8jmEkeJXbcnZh1qiKauaLGoYP/kxFNoEKmexoWMxOrP+d599BgaMvw
tgGwvuENUE7pnRUWLBqc3T8rtDktUjdSEFBn74bzycc+GNzqbbrQTPm7SlG7t7fJ
jKQU7gbzViA/P32vLkwwrLMk0w0HsCuyJ8YdRd5tBcegIxZ6z2hLsiUtiHCSF5Wu
lZZ+QLteehEkHYqafuV4vbCqYeySJveKwi6+TFVI73u/XzsYGcc=
=Ypt5
-----END PGP SIGNATURE-----
Related news
Ubuntu Security Notice 6788-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Debian Linux Security Advisory 5695-1 - Manfred Paul discovered that an attacker with arbitrary read and write capability may be able to bypass Pointer Authentication in the WebKitGTK web engine.
Apple Security Advisory 05-13-2024-8 - tvOS 17.5 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 05-13-2024-7 - watchOS 10.5 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 05-13-2024-4 - macOS Sonoma 14.5 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 05-13-2024-2 - iOS 17.5 and iPadOS 17.5 addresses bypass and code execution vulnerabilities.