Home / mailings APPLE-SA-2013-09-12-2 Safari 5.1.10
Posted on 12 September 2013
Apple Security-announce-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-09-12-2 Safari 5.1.10
Safari 5.1.10 is now available and addresses the following:
JavaScriptCore
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in
JavaScriptCore's JSArray::sort() method. These issues were addressed
through additional bounds checking.
CVE-ID
CVE-2012-3748 : Joost Pol and Daan Keuper of Certified Secure working
with HP TippingPoint's Zero Day Initiative
CVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative
Safari 5.1.10 is available via the Apple Software Update
application, or Apple's Safari download site at:
http://support.apple.com/downloads/#safari
Safari for Mac OS X v10.6.8
The download file is named: Safari5.1.10SnowLeopardManual.dmg
Its SHA-1 digest is: 16fa66d8c8336688d983e1f125f773bb45fa3897
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
