-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-02-11-2026-9 Safari 26.3
Safari 26.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/126354. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. CFNetwork Available for: macOS Sonoma and macOS Sequoia Impact: A remote user may be able to write arbitrary files Description: A path handling issue was addressed with improved logic. CVE-2026-20660: Amy (amys.website) Safari Available for: macOS Sonoma and macOS Sequoia Impact: An app may be able to access a user's Safari history Description: A logic issue was addressed with improved validation. CVE-2026-20656: Mickey Jin (@patch1t) WebKit Available for: macOS Sonoma and macOS Sequoia Impact: A remote attacker may be able to cause a denial-of-service Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 303959 CVE-2026-20652: Nathaniel Oh (@calysteon) WebKit Available for: macOS Sonoma and macOS Sequoia Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: This issue was addressed through improved state management. WebKit Bugzilla: 303357 CVE-2026-20608: HanQing from TSDubhe and Nan Wang (@eternalsakura13) WebKit Available for: macOS Sonoma and macOS Sequoia Impact: A website may be able to track users through Safari web extensions Description: This issue was addressed through improved state management. WebKit Bugzilla: 305020 CVE-2026-20676: Tom Van Goethem WebKit Available for: macOS Sonoma and macOS Sequoia Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 303444 CVE-2026-20644: HanQing from TSDubhe and Nan Wang (@eternalsakura13) WebKit Bugzilla: 304657 CVE-2026-20636: EntryHi WebKit Bugzilla: 304661 CVE-2026-20635: EntryHi Additional recognition WebKit We would like to acknowledge David Wood, EntryHi, Luigino Camastra of Aisle Research, Stanislav Fort of Aisle Research, Vsevolod Kokorin (Slonser) of Solidlab and Jorian Woltjer for their assistance. Safari 26.3 may be obtained from the Mac App Store. All information is also posted on the Apple Security Releases web site: https://support.apple.com/100100. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEhjkl+zMLNwFiCT1o4Ifiq8DH7PUFAmmND7oACgkQ4Ifiq8DH 7PVR4Q//dqRTn1jkGTKX6nBZPJSyVizdP9clKnd6CSvTUrYbTzw0/53Kw17n6etD MV/KVu4NyuZIV/qPdGcjqAgNAnG4VVWsLOyMKIgE2ccTXf/DWsWAnsKqc+S1HUk3 NHmwu+OHbsgQ+8yWOOEYg6nsZEXR/1WTLEqCJCJOAVNF+ORCcx0fLik+KUkw//+W K60gCR/RnxtFnI8GJvvgOe8Vz1ddkMb8TXQfvkjg/mB+C6r/Z35g5EqWZIMhO09H kQ6KX/CEr3FDqvh5bVC7kyzDc2WFtrU+syynpLmvb2NLeaeOr4ZW0OX+CpTGXm2O WjWxZTSvWJBJkGp8SzE6PimRkFirj9VdHcQk16XV/zGnnBx2dd9R2dVeuWxpjNO5 sfKCkwW1Xr7b0pnMEsG6NB+SQL3GTm9FD8zcFjh62zZig9+BB59KyMNwkXTtSrwB mjBU9ORc3tfwcH8Vdk/2vQFvyio//eP3CwDDkDo1ujI1srjWaojrneBWApLwtbIp Z8ojnNVIzHt0o2ViuxXQ+uH82s0RrJBTSYgss/pGB113aAKMoqBexfqqkFwPq1JU mHgEXjgQPNGTgocUBYsDO2C4+zrExK+oiBL5sjaQDIS6tyydPLtoRQa8QAq7KQ/B nS69vbgZ81xhxqj0PpoBnCII65Hg3STeLTF08fcvG5VmdhWD0kQ= =Z1wf -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
