Headline
CVE-2022-32784: About the security content of Safari 15.6
The issue was addressed with improved UI handling. This issue is fixed in Safari 15.6, iOS 15.6 and iPadOS 15.6. Visiting a maliciously crafted website may leak sensitive data.
Released July 20, 2022
Safari Extensions
Available for: macOS Big Sur and macOS Catalina
Impact: Visiting a maliciously crafted website may leak sensitive data
Description: The issue was addressed with improved UI handling.
CVE-2022-32784: Young Min Kim of CompSec Lab at Seoul National University
WebKit
Available for: macOS Big Sur and macOS Catalina
Impact: A user may be tracked through their IP address
Description: A logic issue was addressed with improved state management.
CVE-2022-32861: Matthias Keller (m-keller.com)
Entry added September 16, 2022
WebKit
Available for: macOS Big Sur and macOS Catalina
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-32863: P1umer, afang5472, xmzyshypnc
Entry added September 16, 2022
WebKit
Available for: macOS Big Sur and macOS Catalina
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved input validation.
WebKit Bugzilla: 240720
CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative
WebRTC
Available for: macOS Big Sur and macOS Catalina
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: A memory corruption issue was addressed with improved state management.
WebKit Bugzilla: 242339
CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team
Related news
Gentoo Linux Security Advisory 202311-11 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.10_p20230623 are affected.
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6. A user may be able to view restricted content from the lock screen.
The issue was addressed with improved memory handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Gentoo Linux Security Advisory 202208-39 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.36.7 are affected.
Gentoo Linux Security Advisory 202208-39 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.36.7 are affected.
Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.
Ubuntu Security Notice 5568-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Ubuntu Security Notice 5568-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Hello everyone! Microsoft has been acting weird lately. I mean the recent publication of a propaganda report about evil Russians and how Microsoft is involved in the conflict between countries. It wouldn’t be unusual for a US government agency, NSA or CIA to publish such a report. But when a global IT vendor, which, in […]
Candiru attackers breached a news agency employee website to target journalists with DevilsTongue spyware, researchers say.
Apple Security Advisory Safari - Safari 15.6 addresses code execution and out of bounds write vulnerabilities.
Apple Security Advisory Safari - Safari 15.6 addresses code execution and out of bounds write vulnerabilities.
Apple Security Advisory Safari - Safari 15.6 addresses code execution and out of bounds write vulnerabilities.
Apple Security Advisory 2022-07-20-6 - watchOS 8.7 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and spoofing vulnerabilities.
Apple Security Advisory 2022-07-20-5 - tvOS 15.6 addresses buffer overflow, bypass, code execution, information leakage, out of bounds read, out of bounds write, and spoofing vulnerabilities.
Apple Security Advisory 2022-07-20-2 - macOS Monterey 12.5 addresses bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities.
Apple Security Advisory 2022-07-20-1 - iOS 15.6 and iPadOS 15.6 addresses buffer overflow, bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities.
Apple Security Advisory 2022-07-20-1 - iOS 15.6 and iPadOS 15.6 addresses buffer overflow, bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities.
By Deeba Ahmed The spyware vendor Candiru used the Chrome zero-day in March 2022 to target journalists and other unsuspected victims… This is a post from HackRead.com Read the original post: Israeli Spyware Vendor Uses Chrome 0day to Target Journalists
The actively exploited but now-fixed Google Chrome zero-day flaw that came to light earlier this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East. Czech cybersecurity firm Avast linked the exploitation to Candiru (aka Saito Tech), which has a history of leveraging previously unknown flaws to deploy a Windows malware dubbed
Apple on Wednesday rolled out software fixes for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms. This includes at least 37 flaws spanning different components in iOS and macOS that range from privilege escalation to arbitrary code execution and from information disclosure to denial-of-service (DoS). Chief among them is
Apple on Wednesday rolled out software fixes for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms. This includes at least 37 flaws spanning different components in iOS and macOS that range from privilege escalation to arbitrary code execution and from information disclosure to denial-of-service (DoS). Chief among them is
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. I’ve been thinking a lot recently about the pros and cons of the way we publicize our threat research. I had a few conversations at Cisco Live with people — who are more generally IT-focused than... [[ This is only the beginning! Please visit the blog for the complete entry ]]
Google has patched a vulnerability in Chrome which was being exploited in the wild. Make sure you're using the latest version. The post Update now! Chrome patches ANOTHER zero-day vulnerability appeared first on Malwarebytes Labs.