This issue is fixed in Safari 15.5, macOS High Sierra 10.13.1. It may be possible to use social engineering techniques to trick users into installing a malicious extension. An issue existed with extensions hosted on wrong repos that could lead to arbitrary code execution. This issue is fixed in Safari 15.5, macOS High Sierra 10.13. An issue existed in WebKit where array values could be dereference incorrectly when under certain circumstances. An attacker could leverage this issue to execute arbitrary code. This issue is fixed in Safari 15.5, macOS High Sierra 10.13. An issue existed with WebRTC that could lead to remote code execution when using a maliciously crafted extension. This issue is fixed in Safari 15.5, macOS High Sierra 10.13. An issue existed with WebRTC where it was possible for a malicious extension to access content from any website. An attacker could leverage this issue to install a malicious extension. This issue is fixed in Safari 15.5, macOS High Sierra 10.13. An issue existed with WebRTC where it was possible for a malicious extension to access local files. An attacker could leverage this issue to install a malicious extension. This issue is fixed in Safari 15.5, macOS High Sierra 10.13. An issue existed where WebExtension could access restricted API. An attacker could leverage this issue to install a malicious extension. This issue is fixed in Safari 15.5, macOS High Sierra 10.13. An
Safari Blind Security Update
The Safari security update addresses a number of issues that could potentially allow an attacker to trick users into installing a malicious extension. The update is available for macOS High Sierra 10.13 and Safari 15.5 on all systems running the latest version of Safari.
Timeline
Published on: 09/20/2022 21:15:00 UTC
Last modified on: 09/22/2022 16:59:00 UTC