Apple Safari 5.1.10 Security Update: JavaScriptCore Memory Corruption Fixes (CVE-2012-3748, CVE-2013-0997)

Below is a summary of key information regarding security content in Safari 5.1.10: Document Overview: This document details the security updates included in Safari 5.1.10. Security Policy: - Apple does not disclose, discuss, or confirm security issues in its products until a thorough investigation is completed and relevant patches or updates are released. - For more information on Apple product security, visit the Apple Product Security website. - For information regarding Apple Product Security PGP keys, refer to "How to use the Apple Product Security PGP Key". Vulnerability Identification and Classification: - CVE IDs are used wherever possible to reference specific vulnerabilities, enabling users to obtain more detailed information. Update Path: - Users can find information about other security updates via “Apple Security Updates”. Specific Update Details: - JavaScriptCore: - Affected Versions: Mac OS X v10.6.8, Mac OS X Server v10.6.8. - Impact: Visiting a maliciously crafted website could lead to unexpected application termination or arbitrary code execution. - Description and Fix: These vulnerabilities stemmed from multiple memory corruption issues in JavaScriptCore’s JSArray::sort() method, which were resolved by adding boundary checks. - Associated CVE-IDs: - CVE-2012-3748: Discovered by Joost Pol and Daan Keuper in collaboration with HP TippingPoint’s Zero Day Initiative. - CVE-2013-0997: Discovered by Vitaliy Toropov in collaboration with HP’s Zero Day Initiative. Release Date: November 3, 2023. The above information is based on Apple’s official security update details for Safari 5.1.10, covering multiple aspects, with a primary focus on the JavaScriptCore vulnerabilities addressed and the corresponding security enhancements.

Goal Reached Thanks to every supporter — we hit 100%!

Apple Safari 5.1.10 Security Update: JavaScriptCore Memory Corruption Fixes (CVE-2012-3748, CVE-2013-0997)