APPLE-SA-2023-03-27-8 Safari 16.4

Posted on 28 March 2023
Apple Security-announce

Safari 16.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213671.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may bypass Same
Origin Policy
Description: This issue was addressed with improved state management.
WebKit Bugzilla: 248615
CVE-2023-27932: an anonymous researcher

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: A website may be able to track sensitive user information
Description: The issue was addressed by removing origin information.
WebKit Bugzilla: 250837
CVE-2023-27954: an anonymous researcher

Additional recognition

CFNetwork
We would like to acknowledge an anonymous researcher for their
assistance.

WebKit
We would like to acknowledge an anonymous researcher for their
assistance.

WebKit Web Inspector
We would like to acknowledge Dohyun Lee (@l33d0hyun) and crixer
(@pwning_me) of SSD Labs for their assistance.

Safari 16.4 may be obtained from the Mac App Store.
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

 
