Headline
Apple Security Advisory 10-29-2024-1
Apple Security Advisory 10-29-2024-1 - Safari 18.1 addresses an information leakage vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-10-29-2024-1 Safari 18.1
Safari 18.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121571.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
Safari Downloads
Available for: macOS Ventura and macOS Sonoma
Impact: An attacker may be able to misuse a trust relationship to
download malicious content
Description: This issue was addressed through improved state management.
CVE-2024-44259: Narendra Bhati, Manager of Cyber Security at Suma Soft
Pvt. Ltd, Pune (India)
Safari Private Browsing
Available for: macOS Ventura and macOS Sonoma
Impact: Private browsing may leak some browsing history
Description: An information leakage was addressed with additional
validation.
CVE-2024-44229: Lucas Di Tomase
WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Processing maliciously crafted web content may prevent Content
Security Policy from being enforced
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 278765
CVE-2024-44296: Narendra Bhati, Manager of Cyber Security at Suma Soft
Pvt. Ltd, Pune (India)
WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: A memory corruption issue was addressed with improved input
validation.
WebKit Bugzilla: 279780
CVE-2024-44244: an anonymous researcher, Q1IQ (@q1iqF) and P1umer
(@p1umer)
Additional recognition
Safari Private Browsing
We would like to acknowledge an anonymous researcher, r00tdaddy for
their assistance.
Safari Tabs
We would like to acknowledge Jaydev Ahire for their assistance.
Safari 18.1 may be obtained from the Mac App Store.
All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.
This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmchbpEACgkQX+5d1TXa
Ivr5gBAAk50bIQ2NvoHDWo1ss9TLbGh9aa2RAHRPS0HqbBmnolc5tcrB1wKorkaf
FF6lACO/OOti2KjAX44zfLl+9zHMsEFzDkmrY8VosFkYAaLUOly/xYaCUcQcuhLC
VZy4Moviip3ImFDvR/EjO8vI/7GAjt3XafvRf1k5+w5xzmCuM8mhzLSfs1s4/lxd
EThQBB7oA18grjnxJqAh9tBwquUkfmGuY9twsNH5qccv+wgw9gYvCIr0jbtCn2vz
K5FHY/RDmMOfoLZ3am0JqrWd/7uO3bWHYQzS5H501x2tsLJw6Hwy9u+P2NxvRzXd
pu6WJ22Adei85x5o34W+K42iannlzpgMnMeT81khVzVTY1HKPBikZ1wS13kZ9UyY
j9dnW0NReyKhDYzFPiTehgC2mErmFWzLtRzxzs/Af7iVadAXw+6evBtP5FIzEqFX
FfbhS+0icaU3FGklxcD+5++T+OKvo5hDAVjp7lGbBv5C2WvlpuNfmdIXkqYbzpdv
mIujHNTWNYArlIkXr7vUVOHdB//BtfbIGZdjddYpZbx7q6KxX+z8q+NQ/8ESEUXZ
KIF0cOAI1P2nVdALfpMaqKVFJa+BfwhWklscDDgPOpVQy0I5cIFJj7MVves534js
sR+tn4B5jKfe6tmLy1xkgqpTYcdPe/TzW0tc6IRidvYVk3zhpMA=
=9Fs5
-----END PGP SIGNATURE-----
Related news
Ubuntu Security Notice 7113-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Red Hat Security Advisory 2024-9680-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-9653-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-9637-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Debian Linux Security Advisory 5804-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher, Q1IQ (@q1iqF) and P1umer discovered that processing maliciously crafted web content may lead to an unexpected process crash. Narendra Bhati discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Apple Security Advisory 10-28-2024-8 - visionOS 2.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-8 - visionOS 2.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-8 - visionOS 2.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-8 - visionOS 2.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-7 - tvOS 18.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-7 - tvOS 18.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-6 - watchOS 11.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-6 - watchOS 11.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-3 - macOS Sequoia 15.1 addresses bypass, information leakage, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-3 - macOS Sequoia 15.1 addresses bypass, information leakage, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-3 - macOS Sequoia 15.1 addresses bypass, information leakage, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-3 - macOS Sequoia 15.1 addresses bypass, information leakage, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-2 - iOS 17.7.1 and iPadOS 17.7.1 addresses buffer overflow, information leakage, and out of bounds read vulnerabilities.
Apple Security Advisory 10-28-2024-2 - iOS 17.7.1 and iPadOS 17.7.1 addresses buffer overflow, information leakage, and out of bounds read vulnerabilities.
Apple Security Advisory 10-28-2024-1 - iOS 18.1 and iPadOS 18.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-1 - iOS 18.1 and iPadOS 18.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-1 - iOS 18.1 and iPadOS 18.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-1 - iOS 18.1 and iPadOS 18.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.