APPLE-SA-03-24-2026-9 Safari 26.4
Apple has released the Safari 26.4 update, fixing multiple WebKit security vulnerabilities involving CSP bypass, cross-site scripting, memory handling issues, and more. 2026-3-29 03:11:10 Author: seclists.org


Full Disclosure mailing list archives


From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>
Date: Tue, 24 Mar 2026 17:04:55 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-03-24-2026-9 Safari 26.4

Safari 26.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/126800.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may prevent Content
Security Policy from being enforced
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 304951
CVE-2026-20665: webb

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may bypass Same
Origin Policy
Description: A cross-origin issue in the Navigation API was addressed
with improved input validation.
WebKit Bugzilla: 306050
CVE-2026-20643: Thomas Espach

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Visiting a maliciously crafted website may lead to a cross-site
scripting attack
Description: A logic issue was addressed with improved checks.
WebKit Bugzilla: 305859
CVE-2026-28871: @hamayanhamayan

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 306136
CVE-2026-20664: Daniel Rhea, Söhnke Benedikt Fischedick (Tripton),
Emrovsky & Switch, Yevhen Pervushyn
WebKit Bugzilla: 307723
CVE-2026-28857: Narcis Oliveras Fontàs, Söhnke Benedikt Fischedick
(Tripton), Daniel Rhea, Nathaniel Oh (@calysteon)

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: A malicious website may be able to access script message
handlers intended for other origins
Description: A logic issue was addressed with improved state management.
WebKit Bugzilla: 307014
CVE-2026-28861: Hongze Wu and Shuaike Dong from Ant Group Infrastructure
Security Team

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: A malicious website may be able to process restricted web
content outside the sandbox
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 308248
CVE-2026-28859: greenbynox, Arni Hardarson

WebKit Sandboxing
Available for: macOS Sonoma and macOS Sequoia
Impact: A maliciously crafted webpage may be able to fingerprint the
user
Description: An authorization issue was addressed with improved state
management.
WebKit Bugzilla: 306827
CVE-2026-20691: Gongyu Ma (@Mezone0)

Additional recognition

Safari
We would like to acknowledge @RenwaX23, Bikesh Parajuli, Farras Givari,
Syarif Muhammad Sajjad, Yair for their assistance.

Web Extensions
We would like to acknowledge Carlos Jeurissen, Rob Wu (robwu.nl) for
their assistance.

WebKit
We would like to acknowledge Vamshi Paili for their assistance.

WebKit Process Model
We would like to acknowledge Joseph Semaan for their assistance.

Safari 26.4 may be obtained from the Mac App Store.

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/


Source: https://seclists.org/fulldisclosure/2026/Mar/24