This issue was resolved by updating JavaScriptCore to version 0.9.6.
CVE-2017-5526 An exploitable condition exists in the handling of file:// URLs. By convincing a user to visit a specially crafted website, an attacker can convince the browser to redirect to a file:// URL. However, the URL will be processed as JavaScript code, which can be exploited to execute arbitrary code. This was addressed in WebKitGTK+. This issue was resolved by updating WebKitGTK+ to version 0.9.7.
CVE-2017-5525 An exploitable condition exists in how the handling of file:// URLs is implemented. By convincing a user to visit a specially crafted website, an attacker can redirect the browser to a file:// URL. However, the URL will be processed as JavaScript code, which can be exploited to execute arbitrary code. This was addressed in WebKitGTK+. This issue was resolved by updating WebKitGTK+ to version 0.9.7.
CVE-2017-5524 An exploitable condition exists in how the handling of file:// URLs is implemented. By convincing a user to visit a specially crafted website, an attacker can redirect the browser to a file:// URL. However, the URL will be processed as JavaScript code, which can be exploited to execute arbitrary code. This was addressed in WebKitGTK+. This issue was resolved by updating WebKitGTK+ to version 0.9.7.
Supported Versions
WebKitGTK+ has been updated to 0.9.7.
Safari 6.2 .2
Apple has released Safari 6.2.2 for OS X v10.9.5 and OS X v10.10.5, which addresses the following vulnerabilities:
- CVE-2017-5524 An exploitable condition exists in how the handling of file:// URLs is implemented. By convincing a user to visit a specially crafted website, an attacker can redirect the browser to a file:// URL. However, the URL will be processed as JavaScript code, which can be exploited to execute arbitrary code. This was addressed in WebKitGTK+. This issue was resolved by updating WebKitGTK+ to version 0.9.7.
- CVE-2017-5525 An exploitable condition exists in how the handling of file:// URLs is implemented. By convincing a user to visit a specially crafted website, an attacker can redirect the browser to a file:// URL. However, the URL will be processed as JavaScript code, which can be exploited to execute arbitrary code. This was addressed in WebKitGTK+. This issue was resolved by updating WebKitGTK+ to version 0.9.7.
- CVE-2017-5526 An exploitable condition exists in the handling of file:// URLs that allows attackers to execute arbitrary code with kernel privileges by convincing users to visit specially crafted websites that led browsers up executing maliciously crafted JavaScript code on disk (via Safari's JavaScriptCore). The vulnerability is due to insufficient input validation checking performed on parameters passed into JavaScriptCore
Core Text
Core Text is an API that provides text-based functions as a C programming API. It is available on Mac OS X, iOS, and other platforms in released form, but has been ported to many other systems.
The core text API provides rich string manipulation capabilities such as substring operations and character encoding conversion. For example, one can use the strchr() function to search for a substring within a string. The CoreText API has its own font cache system which stores information about fonts used in text objects and its own text layout engine which allows for text layout transformation based on font metrics and text attributes such as kerning pairs, letter-spacing, word-spacing, hyphenation of words and more.
Graphics Library (Gnome)
The Gnome Graphics Library (GnomeGL) is the component that allows programs on GNOME desktops to use OpenGL. The software is available for variant 2 and 3 of the graphics processing unit (GPU), which includes Intel, ATI Radeon, NVIDIA GeForce and more. In order to be able to use a graphical application on your computer, you need GnomeGL. Furthermore, this is also helpful if you are wanting to make use of GPU acceleration in your own program.
Timeline
Published on: 09/22/2022 17:15:00 UTC
Last modified on: 09/23/2022 03:02:00 UTC