-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-06-04-2 Safari 6.0.5 Safari 6.0.5 is now available and addresses the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.3 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-0879 : Atte Kettunen of OUSPG CVE-2013-0991 : Jay Civelli of the Chromium development community CVE-2013-0992 : Google Chrome Security Team (Martin Barbella) CVE-2013-0993 : Google Chrome Security Team (Inferno) CVE-2013-0994 : David German of Google CVE-2013-0995 : Google Chrome Security Team (Inferno) CVE-2013-0996 : Google Chrome Security Team (Inferno) CVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative CVE-2013-0998 : pa_kt working with HP's Zero Day Initiative CVE-2013-0999 : pa_kt working with HP's Zero Day Initiative CVE-2013-1000 : Fermin J. Serna of the Google Security Team CVE-2013-1001 : Ryan Humenick CVE-2013-1002 : Sergey Glazunov CVE-2013-1003 : Google Chrome Security Team (Inferno) CVE-2013-1004 : Google Chrome Security Team (Martin Barbella) CVE-2013-1005 : Google Chrome Security Team (Martin Barbella) CVE-2013-1006 : Google Chrome Security Team (Martin Barbella) CVE-2013-1007 : Google Chrome Security Team (Inferno) CVE-2013-1008 : Sergey Glazunov CVE-2013-1009 : Apple CVE-2013-1010 : miaubiz CVE-2013-1011 : Google Chrome Security Team (Inferno) CVE-2013-1023 : Google Chrome Security Team (Inferno) WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.3 Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-site scripting issue existed in the handling of iframes. This issue was addressed through improved origin tracking. CVE-ID CVE-2013-1012 : Subodh Iyengar and Erling Ellingsen of Facebook WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.3 Impact: Copying and pasting a malicious HTML snippet may lead to a cross-site scripting attack Description: A cross-site scripting issue existed in the handling of copied and pasted data in HTML documents. This issue was addressed through additional validation of pasted content. CVE-ID CVE-2013-0926 : Aditya Gupta, Subho Halder, and Dev Kar of xys3c (xysec.com) WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.3 Impact: Following a maliciously crafted link could lead to unexpected behavior on the target site Description: XSS Auditor may rewrite URLs to prevent cross-site scripting attacks. This may lead to a malicious alteration of the behavior of a form submission. This issue was addressed through improved validation of URLs. CVE-ID CVE-2013-1013 : Sam Power of Pentest Limited For OS X Lion systems Safari 6.0.5 is available via the Apple Software Update application. For OS X Mountain Lion systems Safari 6.0.5 is included with OS X v10.8.4. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJRrjeeAAoJEPefwLHPlZEwCm4P/3WseW2DFgYieiAHghpGQ07e /XuNWzqld4CpXyFUQDkw55DU1Y9dVIIl663rSR0VyXJDB5dMh6iHEBRHX4tarGym beZS0cDuakospFtX4MZgcKXu/8cV7b8lq9tzqH0pL419a61Fjhm1eRfDeM3snXkO kNCRi3nqOCmMroUiY+cJlKHi1x/t+2whISSM3QsIgpU5yyjEU3neMy2TPjuxC48h XZr9XaDX5cztv0MWCX+jkv+OpYPxVtPxBVw6rPLaX2eg7iwBM6yDbLF5i/4oY06t HzF2uCk8TlbFdk05Cr7HxmYV2qBei8VkcO1Mc4Ij3v3Q9iiKBRkr+d0CYQ1HSkrY igfCmfDiEpaKZfzCgwRsVFZ/UhuXTDipTFIzKrZSlbsglVyIQJtKVyyWEZDOKcYL kKCAS+ep0UyFIyeCCjFknd2hMneMR7a4u2XGJm1VtfRCA+ed3Cr0ROS+O9viGjYi Qcm+2yzlWg9vpfojv+uX+aqh6IsprhfqXuF4ypM6D98IQ3fJqx9a0tVIPniFaLuP O39M+UGtPLAw7BMiKkb4XyEajKFwJt1pfddWkC1YjKjtyRGf62BDOtY2KqEsyzpF 5nOzM3Vc+3urbur+69oqJLwRwC/PHkh1ym3LjrmqUW7+okckIGCQGt3iUwIWNKhp 2YgKISKdQYxVSfkzkqYY =jk2e -----END PGP SIGNATURE-----