-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-04-08-1 Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 are now available and address the following: Safari Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: Users may be tracked by malicious websites using client certificates Description: An issue existed in Safari's client certificate matching for SSL authentication. This issue was addressed by improved matching of valid client certificates. CVE-ID CVE-2015-1129 : Stefan Kraus of fluid Operations AG, Sylvain Munaut of Whatever s.a. Safari Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: Notifications preferences may reveal users' browsing history in private browsing mode Description: Responding to push notification requests in private browsing mode revealed users' browsing history. This issue was addressed by disabling push notification prompts in private browsing mode. CVE-ID CVE-2015-1128 : Joseph Winn of Credit Union Geek Safari Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: Users' browsing history may not be completely purged Description: A state management issue existed in Safari that resulted in users' browsing history not being purged from history.plist. This issue was addressed by improved state management. CVE-ID CVE-2015-1112 : William Breuer, The Netherlands WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-1119 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2015-1120 : Apple CVE-2015-1121 : Apple CVE-2015-1122 : Apple CVE-2015-1124 : Apple WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: Users' browsing history in private mode may be indexed Description: A state management issue existed in Safari that inadvertently indexed users' browsing history when in private browsing mode. This issue was addressed by improved state management. CVE-ID CVE-2015-1127 : Tyler C WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: Visiting a maliciously crafted website may lead to resources of another origin being accessed Description: An issue existed in WebKit's credential handling for FTP URLs. This issue was addressed by improved URL decoding. CVE-ID CVE-2015-1126 : Jouko Pynnonen of Klikki Oy Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJVJG6MAAoJEBcWfLTuOo7tL3cP/RVZlw3sp/ze1r1hSxcezN/Z w/uAPiqzud607Aqqwsg1YI4WzqCoIVLEb6N40eNGn7aTFkgOrBlYhsxTNHNnx2cM 3/HkDKMZo0bhO/fIqa9YfyG/KbgFKQMM0/eECNccEkQp6/DLHLJIwS0+QW0oBZ9q m9bBNTHFQxvJA9or3cn/eFV1zWVvr5RjpwR595tzWpYLIbIqTX901VAbBMOKvqtl 8b5NMmLNoEmfKGWWRqa5RmguFNnnANi3m+6PgU6fNU82dm8mif+ONDhDeyC43MH0 cxeeKZcWBGdYel9C/ctSF9SsnKhqAukIMoMppYLLL8AFHBPd504w1oXoS6UiE/go GrCXwzyxOklGQriyeMS/nsSn+AryJzQP3hXgWjAd8HuSIKCff9iaZBk5OxjK1Cwi k0zSx0qDJAHo1nlUhawYjQVhD7QEtkV7QO6hb4W22h5r/0MJGNuPsh9Mw2u6gIW6 l+p2x3D64xjfh+EclWerMhN+tqBR3RokkdkvNxhStdsz6dkA21ynaHMiaYN3lff7 DDINEP6dDiLi8AGP9P9pjYl3wMVgVTyFgMGL7cUMx8GIrm4pp8YAkhj2yWOM/ns0 Mycgrf+h0tFZYTvvojWlyo4rqx9J8te7dEiHjmg8l0OrOHXzmqQhDwOIWbH8fIGO CfE7FxlOHEHgzh+bzKvG =Df4l -----END PGP SIGNATURE-----