{"id":59773,"date":"2024-09-17T21:29:42","date_gmt":"2024-09-17T18:29:42","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/181570\/APPLE-SA-09-16-2024-6.txt"},"modified":"2024-09-17T21:29:42","modified_gmt":"2024-09-17T18:29:42","slug":"apple-security-advisory-09-16-2024-6","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/apple-security-advisory-09-16-2024-6\/","title":{"rendered":"Apple Security Advisory 09-16-2024-6"},"content":{"rendered":"<p>&#8212;&#8211;BEGIN PGP SIGNED MESSAGE&#8212;&#8211;<br \/>Hash: SHA256<\/p>\n<p>APPLE-SA-09-16-2024-6 Safari 18<\/p>\n<p>Safari 18 addresses the following issues.<br \/>Information about the security content is also available at<br \/>https:\/\/support.apple.com\/121241.<\/p>\n<p>Apple maintains a Security Releases page at<br \/>https:\/\/support.apple.com\/100100 which lists recent<br \/>software updates with security advisories.<\/p>\n<p>WebKit<br \/>Available for: macOS Ventura and macOS Sonoma<br \/>Impact: Visiting a malicious website may lead to address bar spoofing<br \/>Description: The issue was addressed with improved UI.<br \/>WebKit Bugzilla: 279451<br \/>CVE-2024-40866: Hafiizh and YoKo Kho (@yokoacc) of HakTrak<\/p>\n<p>WebKit<br \/>Available for: macOS Ventura and macOS Sonoma<br \/>Impact: A malicious website may exfiltrate data cross-origin<br \/>Description: A cross-origin issue existed with &#8220;iframe&#8221; elements. This<br \/>was addressed with improved tracking of security origins.<br \/>WebKit Bugzilla: 279452<br \/>CVE-2024-44187: Narendra Bhati, Manager of Cyber Security at Suma Soft<br \/>Pvt. Ltd, Pune (India)<\/p>\n<p>WebKit<br \/>Available for: macOS Ventura and macOS Sonoma<br \/>Impact: Processing maliciously crafted web content may lead to universal<br \/>cross site scripting<br \/>Description: This issue was addressed through improved state management.<br \/>WebKit Bugzilla: 268724<br \/>CVE-2024-40857: Ron Masas<\/p>\n<p>Additional recognition<\/p>\n<p>Safari<br \/>We would like to acknowledge Hafiizh and YoKo Kho (@yokoacc) of HakTrak<br \/>for their assistance.<\/p>\n<p>Safari 18 may be obtained from the Mac App Store.<\/p>\n<p>All information is also posted on the Apple Security Releases<br \/>web site: https:\/\/support.apple.com\/100100.<\/p>\n<p>This message is signed with Apple&#8217;s Product Security PGP key,<br \/>and details are available at:<br \/>https:\/\/www.apple.com\/support\/security\/pgp\/<br \/>&#8212;&#8211;BEGIN PGP SIGNATURE&#8212;&#8211;<\/p>\n<p>iQIzBAEBCAAdFiEEsz9altA7uTI+rE\/qX+5d1TXaIvoFAmboyScACgkQX+5d1TXa<br \/>Ivr5URAAqi3Km6vP17ccXkXlrcDJXrYE+HSdkDkqlpT0hNsfLCcpfbZME8R02efV<br \/>lzb8JZ7DdtWI4U0WKjvJvmIhm0Ik2S1stYCNaxAtEBJ6YUYIJE5lJS4J\/D3J1QTd<br \/>5ygCi+zEzPnRjQx2BZ1Ju3VQdpDen50vTBY\/cdqrujtbZ5s4wY2K2qV5SaPv7\/zY<br \/>6KChB6ivmuEN\/iEN5e\/ppTr3lAC1Hw1GFsD6xqnxK+USyydYGryQHvCzoidYjoaB<br \/>7MkfwASZ\/+RmdeCK+6pcN4NP8MRszViGas0GtZe+y7O\/Pu6gc6PRrpD2s2LJKUta<br \/>id0ofA1EtL+IRav\/wXvJbvTBQc2vWhOrFWL4rP\/9znCW2wtO8neayKewWYal1ClZ<br \/>Jn75AOig5pfk6\/aTtFFVXn\/869PlolaVWe\/jQuTVHvXX+N1nuDCriTRpVsz\/XMdb<br \/>3kWqsgMMxKjJnFQoprKpJcAA+vc28L5WLBxhXgGkcb8DML70YNg96CsH3w+qUrJL<br \/>w9+AiGrgBECU3MhQOENtE8AmTmYMDCxjnEI8pYcsu5mKmLHkBnjRhYArLP+Se+3d<br \/>PLHvbAaZf\/cmO7Vm4A2uu1bhqf+E3UJLIlkIGMcwp+vQBiSAT70hri8J6fcaCvLq<br \/>Hw7rhBt\/najjjENdErB9REmqAjkJY3vP2K4pjE\/1PNXmHd5tQu4=<br \/>=q+\/h<br \/>&#8212;&#8211;END PGP SIGNATURE&#8212;&#8211;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8212;&#8211;BEGIN PGP SIGNED MESSAGE&#8212;&#8211;Hash: SHA256 APPLE-SA-09-16-2024-6 Safari 18 Safari 18 addresses the following issues.Information about the security content is also available athttps:\/\/support.apple.com\/121241. Apple maintains a Security Releases page athttps:\/\/support.apple.com\/100100 which lists recentsoftware updates with security advisories. WebKitAvailable for: macOS Ventura and macOS SonomaImpact: Visiting a malicious website may lead to address bar spoofingDescription: The issue &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-59773","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/59773","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=59773"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/59773\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=59773"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=59773"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=59773"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}