-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-12-11-2024-9 Safari 18.2

Safari 18.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121846.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Safari
Available for: macOS Ventura and macOS Sonoma
Impact: On a device with Private Relay enabled, adding a website to the
Safari Reading List may reveal the originating IP address to the website
Description: The issue was addressed with improved routing of Safari-
originated requests.
CVE-2024-44246: Jacob Braun

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 278497
CVE-2024-54479: Seunghyun Lee
WebKit Bugzilla: 281912
CVE-2024-54502: Brendon Tiszka of Google Project Zero

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 282180
CVE-2024-54508: linjy of HKUS3Lab and chluo of WHUSecLab, Xiangwei Zhang
of Tencent Security YUNDING LAB

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Processing maliciously crafted web content may lead to memory
corruption
Description: A type confusion issue was addressed with improved memory
handling.
WebKit Bugzilla: 282661
CVE-2024-54505: Gary Kwong

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Processing maliciously crafted web content may lead to memory
corruption
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 277967
CVE-2024-54534: Tashita Software Security

Additional recognition

Safari
We would like to acknowledge Jaydev Ahire for their assistance.

WebKit
We would like to acknowledge Hafiizh for their assistance.

Safari 18.2 may be obtained from the Mac App Store.

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmdaCisACgkQX+5d1TXa
IvpmaQ/+OPSH0RBZvHFbjuWyMO9Lpl6Zm2tb714ZDP0aPkvo+ONGhUo6vIGv+aDr
k0CvPw3PMLNWM/6t1s2rAasokmsOJCrm+OnxuYnLXmDQqG2noWw2wH4xWe7hcoJo
gH6/tWeT1vB0JCIDIz0jGwlvKLNBkZKsWn8/GwOyx0hCX5SIVkjrd7+TXM5liaYQ
hjdSCrXp5gTzGorXkcbOVeobAMMMgnVSkJ5yUul9wFZ52f/4eY7q6oSXpRZT5ddD
VQmi3UvQlSaXyDhmFiZ0/POwk4uN0TpqaIXxeucH1gTaAV80sUNoBjgyaUIOPnOf
sYFz5oOt6QTF6H+wnT6LckLuUXZiozvqOdjaqDsD15AF3Kju6a/0Se2ojpFxSwze
o8lQ/3gniyTNHGEH1SghLKFdNUnXzF+lQVIn5YW8OqBeS6CHpkRZbak3tajyG+NJ
+4tCj840uYP8KpmD8mZq5SzQHif2Io9SAyZ+i7Y9EXTjWLoZsEY77sDC/FEvhK44
2anshc7Q1b6FvQpUUQBA32mlhyDNl2uWhcrOKRBOrSZKykXAxi0ptcSg7xxsHq48
yVT/+hJIr4XQgdeq2oGUThZJk8JcJfTpH0HnN4t+yi+3cygpl1DCEQKlIK+l+EQ5
uGT54Nt36yS9GtSbvpaCGGQWiibfKP9d0R3xH9xbWqFpeUm311w=
=9HgJ
-----END PGP SIGNATURE-----