Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-30860: About the security content of watchOS 7.6.2

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

CVE
#vulnerability#web#ios#mac#apple#google#pdf

This document describes the security content of watchOS 7.6.2.

About Apple security updates

For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

watchOS 7.6.2

Released September 13, 2021

CoreGraphics

Available for: Apple Watch Series 3 and later

Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: An integer overflow was addressed with improved input validation.

CVE-2021-30860: The Citizen Lab

Core Telephony

Available for: Apple Watch Series 3 and later

Impact: A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release.

Description: A deserialization issue was addressed through improved validation.

CVE-2021-31010: Citizen Lab and Google Project Zero

Entry added May 25, 2022

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: May 25, 2022

Related news

Gentoo Linux Security Advisory 202209-21

Gentoo Linux Security Advisory 202209-21 - A vulnerability has been discovered in Poppler which could allow for arbitrary code execution. Versions less than 22.09.0 are affected.

CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added 10 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including a high-severity security flaw affecting industrial automation software from Delta Electronics. The issue, tracked as CVE-2021-38406 (CVSS score: 7.8), impacts DOPSoft 2 versions 2.00.07 and prior. A successful

CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added 10 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including a high-severity security flaw affecting industrial automation software from Delta Electronics. The issue, tracked as CVE-2021-38406 (CVSS score: 7.8), impacts DOPSoft 2 versions 2.00.07 and prior. A successful

CVE-2022-38171: A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readSymbolDictSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).

CVE-2021-30844: About the security content of macOS Big Sur 11.6

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A remote attacker may be able to leak memory.

CVE-2021-30844: About the security content of macOS Big Sur 11.6

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A remote attacker may be able to leak memory.

CVE-2021-31010: About the security content of iOS 12.5.5

A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release..

CVE-2021-31010: About the security content of iOS 12.5.5

A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release..

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907