Alert GCSA-14013 - Vulnerabilita' in Apple Safari
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-14013
Data: 23 Maggio 2014
Titolo: Vulnerabilita' in Apple Safari
******************************************************************
:: Descrizione del problema
Sono state identificate varie vulnerabilita' in Apple Safari per
Mac OS X, che potrebbero essere sfruttate da un attaccante remoto
per oltrepassare alcune restrizioni di sicurezza, compromettere un
sistema utente, effettuare attacchi di tipo spoofing and cross-site
scripting.
Per una descrizione completa delle vulnerabilita' fare riferimento
alla segnalazione ufficiale di Apple.
:: Piattaforme e Software interessati
Apple Safari precedente a 6.1.4
Apple Safari precedente a 7.0.4
:: Impatto
Exposure of sensitive information
Manipolazione di dati
Denial of Service
Accesso al sistema
Spoofing
Cross site scripting
:: Soluzioni
Aggiornare Safari alla versione 6.1.4 o 7.0.4.
utilizzando l'applicazione Apple Software Update
:: Riferimenti
Apple
http://support.apple.com/kb/HT6254
SecurityTracker
http://www.securitytracker.com/id/1030269
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2875
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1344
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1731
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFTf2AlwZxMk2USYEIRAlYyAKCWdIFQkbWH0LMhQhaJWb0SqAvT8QCgmd/a
iOZ939pFCL6EX7NOdl7FKI0=
=a+4/
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-14013
Data: 23 Maggio 2014
Titolo: Vulnerabilita' in Apple Safari
******************************************************************
:: Descrizione del problema
Sono state identificate varie vulnerabilita' in Apple Safari per
Mac OS X, che potrebbero essere sfruttate da un attaccante remoto
per oltrepassare alcune restrizioni di sicurezza, compromettere un
sistema utente, effettuare attacchi di tipo spoofing and cross-site
scripting.
Per una descrizione completa delle vulnerabilita' fare riferimento
alla segnalazione ufficiale di Apple.
:: Piattaforme e Software interessati
Apple Safari precedente a 6.1.4
Apple Safari precedente a 7.0.4
:: Impatto
Exposure of sensitive information
Manipolazione di dati
Denial of Service
Accesso al sistema
Spoofing
Cross site scripting
:: Soluzioni
Aggiornare Safari alla versione 6.1.4 o 7.0.4.
utilizzando l'applicazione Apple Software Update
:: Riferimenti
Apple
http://support.apple.com/kb/HT6254
SecurityTracker
http://www.securitytracker.com/id/1030269
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2875
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1344
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1731
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFTf2AlwZxMk2USYEIRAlYyAKCWdIFQkbWH0LMhQhaJWb0SqAvT8QCgmd/a
iOZ939pFCL6EX7NOdl7FKI0=
=a+4/
-----END PGP SIGNATURE-----