APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0

Posted on 13 November 2020
Apple Security-announce

Safari 14.0 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT211845.

Safari
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed with improved UI handling.
CVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba,
Piotr Duszynski
Entry added November 12, 2020

Safari
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2020-9987: Rafay Baloch (cybercitadel.com) of Cyber Citadel
Entry added November 12, 2020

WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-9948: Brendan Draper (@6r3nd4n) working with Trend Micro
Zero Day Initiative

WebKit
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9947: cc working with Trend Micro Zero Day Initiative
CVE-2020-9950: cc working with Trend Micro Zero Day Initiative
CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos
Entry updated November 12, 2020

WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)

WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9983: zhunki

Additional recognition

Safari
We would like to acknowledge @PaulosYibelo of Limehats, Ryan Pickren
(ryanpickren.com) for their assistance.
Entry added November 12, 2020

Safari Reader
We would like to acknowledge Zhiyang Zeng (@Wester) of OPPO ZIWU
Security Lab for their assistance.
Entry added November 12, 2020

WebKit
We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan
Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang
Zeng (@Wester) of OPPO ZIWU Security Lab for their assistance.
Entry added November 12, 2020

Installation note:

Safari 14.0 may be obtained from the Mac App Store.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

 
