APPLE-SA-11-03-2025-8 Safari 26.1
Apple released the Safari 26.1 security update, which fixes multiple vulnerabilities including address bar spoofing, user interface spoofing, Privacy preference bypass and cross-site data leakage, and improves WebKit to prevent process crashes and memory errors caused by malicious content.

2025-11-7 13:44:49 Author: seclists.org

Full Disclosure mailing list archives


From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>
Date: Mon, 03 Nov 2025 17:35:13 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-11-03-2025-8 Safari 26.1

Safari 26.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125640.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Safari
Available for: macOS Sonoma and macOS Sequoia
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed with improved checks.
CVE-2025-43493: @RenwaX23

Safari
Available for: macOS Sonoma and macOS Sequoia
Impact: Visiting a malicious website may lead to user interface spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2025-43503: @RenwaX23

Safari
Available for: macOS Sonoma and macOS Sequoia
Impact: An app may be able to bypass certain Privacy preferences
Description: A privacy issue was addressed by removing sensitive data.
CVE-2025-43502: an anonymous researcher

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: A malicious website may exfiltrate data cross-origin
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 276208
CVE-2025-43480: Aleksejs Popovs

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 296693
CVE-2025-43458: Phil Beauvoir
WebKit Bugzilla: 298196
CVE-2025-43430: Google Big Sleep
WebKit Bugzilla: 298628
CVE-2025-43427: Gary Kwong, rheza (@ginggilBesel)

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: This issue was addressed with improved checks.
WebKit Bugzilla: 299843
CVE-2025-43443: an anonymous researcher

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 298496
CVE-2025-43441: rheza (@ginggilBesel)
WebKit Bugzilla: 299391
CVE-2025-43435: Justin Cohen of Google
WebKit Bugzilla: 298851
CVE-2025-43425: an anonymous researcher

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: This issue was addressed with improved checks.
WebKit Bugzilla: 298126
CVE-2025-43440: Nan Wang (@eternalsakura13)

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A use-after-free issue was addressed with improved memory
management.
WebKit Bugzilla: 297662
CVE-2025-43438: shandikri working with Trend Micro Zero Day Initiative
WebKit Bugzilla: 298606
CVE-2025-43457: Gary Kwong, Hossein Lotfi (@hosselot) of Trend Micro
Zero Day Initiative
WebKit Bugzilla: 297958
CVE-2025-43434: Google Big Sleep

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may lead to memory
corruption
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 298093
CVE-2025-43433: Google Big Sleep
WebKit Bugzilla: 298194
CVE-2025-43431: Google Big Sleep

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: A use-after-free issue was addressed with improved memory
management.
WebKit Bugzilla: 299313
CVE-2025-43432: Hossein Lotfi (@hosselot) of Trend Micro Zero Day
Initiative

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: A buffer overflow was addressed with improved bounds
checking.
WebKit Bugzilla: 298232
CVE-2025-43429: Google Big Sleep

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: Multiple issues were addressed by disabling array
allocation sinking.
WebKit Bugzilla: 300718
CVE-2025-43421: Nan Wang (@eternalsakura13)

WebKit Canvas
Available for: macOS Sonoma and macOS Sequoia
Impact: A website may exfiltrate image data cross-origin
Description: The issue was addressed with improved handling of caches.
WebKit Bugzilla: 297566
CVE-2025-43392: Tom Van Goethem

Additional recognition

Safari
We would like to acknowledge Barath Stalin K for their assistance.

Safari Downloads
We would like to acknowledge Saello Puza for their assistance.

WebKit
We would like to acknowledge Enis Maholli (enismaholli.com), Google Big
Sleep for their assistance.

Safari 26.1 may be obtained from the Mac App Store.

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/



Source: https://seclists.org/fulldisclosure/2025/Nov/9