Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-5797-1

Ubuntu Security Notice 5797-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Packet Storm
#xss#vulnerability#web#ubuntu#dos#java#webkit
==========================================================================Ubuntu Security Notice USN-5797-1January 09, 2023webkit2gtk vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.10- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in WebKitGTK.Software Description:- webkit2gtk: Web content engine library for GTK+Details:Several security issues were discovered in the WebKitGTK Web and JavaScriptengines. If a user were tricked into viewing a malicious website, a remoteattacker could exploit a variety of issues related to web browser security,including cross-site scripting attacks, denial of service attacks, andarbitrary code execution.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.10:   libjavascriptcoregtk-4.0-18     2.38.3-0ubuntu0.22.10.1   libjavascriptcoregtk-4.1-0      2.38.3-0ubuntu0.22.10.1   libjavascriptcoregtk-5.0-0      2.38.3-0ubuntu0.22.10.1   libwebkit2gtk-4.0-37            2.38.3-0ubuntu0.22.10.1   libwebkit2gtk-4.1-0             2.38.3-0ubuntu0.22.10.1   libwebkit2gtk-5.0-0             2.38.3-0ubuntu0.22.10.1Ubuntu 22.04 LTS:   libjavascriptcoregtk-4.0-18     2.38.3-0ubuntu0.22.04.1   libjavascriptcoregtk-4.1-0      2.38.3-0ubuntu0.22.04.1   libwebkit2gtk-4.0-37            2.38.3-0ubuntu0.22.04.1   libwebkit2gtk-4.1-0             2.38.3-0ubuntu0.22.04.1Ubuntu 20.04 LTS:   libjavascriptcoregtk-4.0-18     2.38.3-0ubuntu0.20.04.1   libwebkit2gtk-4.0-37            2.38.3-0ubuntu0.20.04.1This update uses a new upstream release, which includes additional bugfixes. After a standard system update you need to restart any applicationsthat use WebKitGTK, such as Epiphany, to make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-5797-1   CVE-2022-42852, CVE-2022-42856, CVE-2022-42867, CVE-2022-46692,   CVE-2022-46698, CVE-2022-46699, CVE-2022-46700Package Information:   https://launchpad.net/ubuntu/+source/webkit2gtk/2.38.3-0ubuntu0.22.10.1   https://launchpad.net/ubuntu/+source/webkit2gtk/2.38.3-0ubuntu0.22.04.1   https://launchpad.net/ubuntu/+source/webkit2gtk/2.38.3-0ubuntu0.20.04.1

Related news

Gentoo Linux Security Advisory 202305-32

Gentoo Linux Security Advisory 202305-32 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in arbitrary code execution. Versions greater than or equal to 2.40.1 are affected.

Red Hat Security Advisory 2023-2834-01

Red Hat Security Advisory 2023-2834-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, information leakage, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-2256-01

Red Hat Security Advisory 2023-2256-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, information leakage, out of bounds write, and use-after-free vulnerabilities.

RHSA-2023:2256: Red Hat Security Advisory: webkit2gtk3 security and bug fix update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32886: A vulnerability was found in webkitgtkm, where a buffer overflow issue was addressed with improved memory handling. Processing maliciously crafted web content may lead to arbitrary code execution. * CVE-2022-32888: A vulnerability was found in webkitgtk, where an out-of-bounds read was addressed with improved bounds checking. Processing mali...

Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits

Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.

Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices

A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group (TAG) has revealed. The two distinct campaigns were both limited and highly targeted, taking advantage of the patch gap between the release of a fix and when it was actually deployed on the targeted devices. "These

Apple Security Advisory 2023-01-23-3

Apple Security Advisory 2023-01-23-3 - iOS 12.5.7 addresses a code execution vulnerability.

WebKit CSSCrossfadeValue::crossfadeChanged Use-After-Free

WebKit suffers from a RenderMathMLToken use-after-free vulnerability in CSSCrossfadeValue::crossfadeChanged.

Red Hat Security Advisory 2023-0021-01

Red Hat Security Advisory 2023-0021-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.

RHSA-2023:0021: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42856: webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution

RHSA-2023:0016: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42856: webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution

Debian Security Advisory 5309-1

Debian Linux Security Advisory 5309-1 - Vulnerabilities have been discovered in the WPE WebKit web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Dohyun Lee and Ryan Shin discovered that processing maliciously crafted web content may disclose sensitive user information. Various other issues have also been addressed.

Debian Security Advisory 5309-1

Debian Linux Security Advisory 5309-1 - Vulnerabilities have been discovered in the WPE WebKit web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Dohyun Lee and Ryan Shin discovered that processing maliciously crafted web content may disclose sensitive user information. Various other issues have also been addressed.

Debian Security Advisory 5309-1

Debian Linux Security Advisory 5309-1 - Vulnerabilities have been discovered in the WPE WebKit web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Dohyun Lee and Ryan Shin discovered that processing maliciously crafted web content may disclose sensitive user information. Various other issues have also been addressed.

Debian Security Advisory 5309-1

Debian Linux Security Advisory 5309-1 - Vulnerabilities have been discovered in the WPE WebKit web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Dohyun Lee and Ryan Shin discovered that processing maliciously crafted web content may disclose sensitive user information. Various other issues have also been addressed.

Debian Security Advisory 5309-1

Debian Linux Security Advisory 5309-1 - Vulnerabilities have been discovered in the WPE WebKit web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Dohyun Lee and Ryan Shin discovered that processing maliciously crafted web content may disclose sensitive user information. Various other issues have also been addressed.

Debian Security Advisory 5309-1

Debian Linux Security Advisory 5309-1 - Vulnerabilities have been discovered in the WPE WebKit web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Dohyun Lee and Ryan Shin discovered that processing maliciously crafted web content may disclose sensitive user information. Various other issues have also been addressed.

Debian Security Advisory 5309-1

Debian Linux Security Advisory 5309-1 - Vulnerabilities have been discovered in the WPE WebKit web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Dohyun Lee and Ryan Shin discovered that processing maliciously crafted web content may disclose sensitive user information. Various other issues have also been addressed.

Debian Security Advisory 5308-1

Debian Linux Security Advisory 5308-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. Maddie Stone discovered that processing maliciously crafted web content may lead to arbitrary code execution. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Multiple other issues were also addressed.

Debian Security Advisory 5308-1

Debian Linux Security Advisory 5308-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. Maddie Stone discovered that processing maliciously crafted web content may lead to arbitrary code execution. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Multiple other issues were also addressed.

Debian Security Advisory 5308-1

Debian Linux Security Advisory 5308-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. Maddie Stone discovered that processing maliciously crafted web content may lead to arbitrary code execution. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Multiple other issues were also addressed.

Debian Security Advisory 5308-1

Debian Linux Security Advisory 5308-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. Maddie Stone discovered that processing maliciously crafted web content may lead to arbitrary code execution. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Multiple other issues were also addressed.

Debian Security Advisory 5308-1

Debian Linux Security Advisory 5308-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. Maddie Stone discovered that processing maliciously crafted web content may lead to arbitrary code execution. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Multiple other issues were also addressed.

Debian Security Advisory 5308-1

Debian Linux Security Advisory 5308-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. Maddie Stone discovered that processing maliciously crafted web content may lead to arbitrary code execution. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Multiple other issues were also addressed.

Apple Security Advisory 2022-12-13-9

Apple Security Advisory 2022-12-13-9 - Safari 16.2 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-9

Apple Security Advisory 2022-12-13-9 - Safari 16.2 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-9

Apple Security Advisory 2022-12-13-9 - Safari 16.2 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-9

Apple Security Advisory 2022-12-13-9 - Safari 16.2 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-9

Apple Security Advisory 2022-12-13-9 - Safari 16.2 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-9

Apple Security Advisory 2022-12-13-9 - Safari 16.2 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-9

Apple Security Advisory 2022-12-13-9 - Safari 16.2 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-8

Apple Security Advisory 2022-12-13-8 - watchOS 9.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-8

Apple Security Advisory 2022-12-13-8 - watchOS 9.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-8

Apple Security Advisory 2022-12-13-8 - watchOS 9.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-8

Apple Security Advisory 2022-12-13-8 - watchOS 9.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-8

Apple Security Advisory 2022-12-13-8 - watchOS 9.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-8

Apple Security Advisory 2022-12-13-8 - watchOS 9.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-7

Apple Security Advisory 2022-12-13-7 - tvOS 16.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-7

Apple Security Advisory 2022-12-13-7 - tvOS 16.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-7

Apple Security Advisory 2022-12-13-7 - tvOS 16.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-4

Apple Security Advisory 2022-12-13-4 - macOS Ventura 13.1 addresses bypass, code execution, out of bounds access, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-4

Apple Security Advisory 2022-12-13-4 - macOS Ventura 13.1 addresses bypass, code execution, out of bounds access, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-4

Apple Security Advisory 2022-12-13-4 - macOS Ventura 13.1 addresses bypass, code execution, out of bounds access, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-4

Apple Security Advisory 2022-12-13-4 - macOS Ventura 13.1 addresses bypass, code execution, out of bounds access, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-4

Apple Security Advisory 2022-12-13-4 - macOS Ventura 13.1 addresses bypass, code execution, out of bounds access, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-4

Apple Security Advisory 2022-12-13-4 - macOS Ventura 13.1 addresses bypass, code execution, out of bounds access, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-3

Apple Security Advisory 2022-12-13-3 - iOS 16.1.2 addresses a code execution vulnerability.

Apple Security Advisory 2022-12-13-2

Apple Security Advisory 2022-12-13-2 - iOS 15.7.2 and iPadOS 15.7.2 addresses bypass, code execution, integer overflow, out of bounds write, and spoofing vulnerabilities.

Apple Security Advisory 2022-12-13-2

Apple Security Advisory 2022-12-13-2 - iOS 15.7.2 and iPadOS 15.7.2 addresses bypass, code execution, integer overflow, out of bounds write, and spoofing vulnerabilities.

Apple Security Advisory 2022-12-13-2

Apple Security Advisory 2022-12-13-2 - iOS 15.7.2 and iPadOS 15.7.2 addresses bypass, code execution, integer overflow, out of bounds write, and spoofing vulnerabilities.

Apple Security Advisory 2022-12-13-2

Apple Security Advisory 2022-12-13-2 - iOS 15.7.2 and iPadOS 15.7.2 addresses bypass, code execution, integer overflow, out of bounds write, and spoofing vulnerabilities.

Apple Security Advisory 2022-12-13-1

Apple Security Advisory 2022-12-13-1 - iOS 16.2 and iPadOS 16.2 addresses bypass, code execution, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-1

Apple Security Advisory 2022-12-13-1 - iOS 16.2 and iPadOS 16.2 addresses bypass, code execution, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-1

Apple Security Advisory 2022-12-13-1 - iOS 16.2 and iPadOS 16.2 addresses bypass, code execution, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-1

Apple Security Advisory 2022-12-13-1 - iOS 16.2 and iPadOS 16.2 addresses bypass, code execution, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-1

Apple Security Advisory 2022-12-13-1 - iOS 16.2 and iPadOS 16.2 addresses bypass, code execution, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-1

Apple Security Advisory 2022-12-13-1 - iOS 16.2 and iPadOS 16.2 addresses bypass, code execution, out of bounds write, spoofing, and use-after-free vulnerabilities.

CVE-2022-46701: About the security content of macOS Ventura 13.1

The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.

CVE-2022-46702: About the security content of iOS 16.2 and iPadOS 16.2

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to disclose kernel memory.

CVE-2022-46700: About the security content of iOS 15.7.2 and iPadOS 15.7.2

A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-46701: About the security content of macOS Ventura 13.1

The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.

CVE-2022-46700: About the security content of iOS 15.7.2 and iPadOS 15.7.2

A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-46701: About the security content of macOS Ventura 13.1

The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.

CVE-2022-46700: About the security content of iOS 15.7.2 and iPadOS 15.7.2

A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-46702: About the security content of iOS 16.2 and iPadOS 16.2

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to disclose kernel memory.

CVE-2022-46702: About the security content of iOS 16.2 and iPadOS 16.2

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to disclose kernel memory.

CVE-2022-46701: About the security content of macOS Ventura 13.1

The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.

CVE-2022-46701: About the security content of macOS Ventura 13.1

The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.

CVE-2022-46701: About the security content of macOS Ventura 13.1

The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.

CVE-2022-46702: About the security content of iOS 16.2 and iPadOS 16.2

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to disclose kernel memory.

CVE-2022-46700: About the security content of iOS 15.7.2 and iPadOS 15.7.2

A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-46701: About the security content of macOS Ventura 13.1

The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.

CVE-2022-46702: About the security content of iOS 16.2 and iPadOS 16.2

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to disclose kernel memory.

CVE-2022-46702: About the security content of iOS 16.2 and iPadOS 16.2

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to disclose kernel memory.

New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products

Apple on Tuesday rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari web browser to address a new zero-day vulnerability that could result in the execution of malicious code. Tracked as CVE-2022-42856, the issue has been described by the tech giant as a type confusion issue in the WebKit browser engine that could be triggered when processing specially crafted content, leading to

Packet Storm: Latest News

Zeek 6.0.9