Security
Headlines
HeadlinesLatestCVEs

Headline

Apple Security Advisory 01-22-2024-2

Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.

Packet Storm
#vulnerability#web#ios#apple#js#auth#ssh#webkit
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3iOS 17.3 and iPadOS 17.3 addresses the following issues.Information about the security content is also available athttps://support.apple.com/kb/HT214059.Apple maintains a Security Updates page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.Apple Neural EngineAvailable for devices with Apple Neural Engine: iPhone XS and later,iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 8thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: The issue was addressed with improved memory handling.CVE-2024-23212: Ye Zhang of Baidu SecurityCoreCryptoAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An attacker may be able to decrypt legacy RSA PKCS#1 v1.5ciphertexts without having the private keyDescription: A timing side-channel issue was addressed with improvementsto constant-time computation in cryptographic functions.CVE-2024-23218: Clemens LangKernelAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: The issue was addressed with improved memory handling.CVE-2024-23208: fmyy(@binary_fmyy) and lime From TIANGONG Team ofLegendsec at QI-ANXIN GroupMail SearchAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to access sensitive user dataDescription: This issue was addressed with improved redaction ofsensitive information.CVE-2024-23207: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab), andIan de MarcellusNSSpellCheckerAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to access sensitive user dataDescription: A privacy issue was addressed with improved handling offiles.CVE-2024-23223: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)Reset ServicesAvailable for: iPhone XS and laterImpact: Stolen Device Protection may be unexpectedly disabledDescription: The issue was addressed with improved authentication.CVE-2024-23219: Peter Watthey and Christian ScaleseSafariAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: A user's private browsing activity may be visible in SettingsDescription: A privacy issue was addressed with improved handling ofuser preferences.CVE-2024-23211: Mark BowersShortcutsAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: A shortcut may be able to use sensitive data with certainactions without prompting the userDescription: The issue was addressed with additional permissions checks.CVE-2024-23203: an anonymous researcherCVE-2024-23204: Jubaer Alnazi (@h33tjubaer)ShortcutsAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to bypass certain Privacy preferencesDescription: A privacy issue was addressed with improved handling oftemporary files.CVE-2024-23217: Kirin (@Pwnrin)TCCAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to access user-sensitive dataDescription: An issue was addressed with improved handling of temporaryfiles.CVE-2024-23215: Zhongquan Li (@Guluisacat)Time ZoneAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to view a user's phone number in system logsDescription: This issue was addressed with improved redaction ofsensitive information.CVE-2024-23210: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)WebKitAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: A maliciously crafted webpage may be able to fingerprint theuserDescription: An access issue was addressed with improved accessrestrictions.WebKit Bugzilla: 262699CVE-2024-23206: an anonymous researcherWebKitAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: Processing web content may lead to arbitrary code executionDescription: The issue was addressed with improved memory handling.WebKit Bugzilla: 266619CVE-2024-23213: Wangtaiyu of Zhongfu infoWebKitAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: Processing maliciously crafted web content may lead to arbitrarycode executionDescription: Multiple memory corruption issues were addressed withimproved memory handling.WebKit Bugzilla: 265129CVE-2024-23214: Nan Wang (@eternalsakura13) of 360 VulnerabilityResearch InstituteWebKitAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: Processing maliciously crafted web content may lead to arbitrarycode execution. Apple is aware of a report that this issue may have beenexploited.Description: A type confusion issue was addressed with improved checks.WebKit Bugzilla: 267134CVE-2024-23222This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 17.3 and iPadOS 17.3".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmWvDP8ACgkQX+5d1TXaIvp1NA//Ziu4pKJd/OIbEjiPfVw8w/q2A4uPkHzOtxWWeSsuQHmUjULi9PGLtjFdOy6SGjIAXKkP5wpt2qoOXcqEwP8kQzMQZwmRSHyPbSNXLyDiThgLdFWOqV5GcO1+eM7vOvKfcf7ITJJashPS4gJet7QpqX0vM5Pop9XJlS679IdhnauCY/ocmoWafvayY7IZf6SXYXh/V6wWk76zW7ZAgdWz0qxPjoObc3UrggJagBuBGzbSbEj1aK+tw8GMKw0whSG1fMqoLWsIielGaAahHmyIrg424S3HK/JdAXU8QXKKUc3HYVyShceLIgf7Gn/RFtIFiqoAlublgbEXthPYVG+pwFMvjUiCFPZK4tQ9yDtst+6ViPT+LK8Ea21ZqwvWTYqcFzKVbc+DcA4W0sLZE9Rc3tMXm60qoy5x1T4tIOFGSotrjH0M8CthxaxSMxRusr4ejiczr5dbeq/4pjU5PevU/kZVIp0lA65WkznSqio/UxpJ9uD2Oh2C8ZKOHE/az3I3zD7Tll52RPWA201fvo9Q3bCL5JRd/ayXN+tVRuyACkLPcDgPMNB8TdjoBrzFvJ8KRg9XHn9qJSsz/h15UJ/lwVOKBHmSP3H+VWBR/ts0oKcj+UQGmNSHtWNXvreC6ZbQi16JSK2wp0MvVWbFrWnwg0Ory4e5x5hHbrBEvvw0Qwk==kOJs-----END PGP SIGNATURE-----

Related news

Red Hat Security Advisory 2024-9680-03

Red Hat Security Advisory 2024-9680-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.

Gentoo Linux Security Advisory 202407-13

Gentoo Linux Security Advisory 202407-13 - Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which could lead to arbitrary code execution Versions greater than or equal to 2.44.0:4 are affected.

Apple Security Advisory 03-07-2024-4

Apple Security Advisory 03-07-2024-4 - macOS Monterey 12.7.4 addresses buffer overflow, bypass, code execution, and out of bounds write vulnerabilities.

Apple Shortcuts Vulnerability Exposes Sensitive Data, Update Now!

By Waqas Another day, another Apple Security Vulnerability! This is a post from HackRead.com Read the original post: Apple Shortcuts Vulnerability Exposes Sensitive Data, Update Now!

Ubuntu Security Notice USN-6631-1

Ubuntu Security Notice 6631-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Debian Security Advisory 5618-1

Debian Linux Security Advisory 5618-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher discovered that a maliciously crafted webpage may be able to fingerprint the user. Wangtaiyu discovered that processing web content may lead to arbitrary code execution. Apple discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.

Spyware isn’t going anywhere, and neither are its tactics

For their part, the U.S. did roll out new restrictions on the visas of any foreign individuals who misuse commercial spyware.

Apple Security Advisory 02-02-2024-1

Apple Security Advisory 02-02-2024-1 - visionOS 1.0.2 addresses a code execution vulnerability.

CISA Warns of Active Exploitation of Critical Flaws in Apple iOS and macOS

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2022-48618 (CVSS score: 7.8), concerns a bug in the kernel component. "An attacker with

Apple Security Advisory 01-22-2024-9

Apple Security Advisory 01-22-2024-9 - tvOS 17.3 addresses code execution vulnerabilities.

Apple Security Advisory 01-22-2024-8

Apple Security Advisory 01-22-2024-8 - watchOS 10.3 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 01-22-2024-7

Apple Security Advisory 01-22-2024-7 - macOS Monterey 12.7.3 addresses code execution vulnerabilities.

Apple Security Advisory 01-22-2024-6

Apple Security Advisory 01-22-2024-6 - macOS Ventura 13.6.4 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 01-22-2024-5

Apple Security Advisory 01-22-2024-5 - macOS Sonoma 14.3 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 01-22-2024-3

Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.

Apple Security Advisory 01-22-2024-3

Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.

Apple Security Advisory 01-22-2024-3

Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.

Apple Security Advisory 01-22-2024-3

Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.

Apple Security Advisory 01-22-2024-3

Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.

Apple Security Advisory 01-22-2024-3

Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.

Apple Security Advisory 01-22-2024-1

Apple Security Advisory 01-22-2024-1 - Safari 17.3 addresses code execution vulnerabilities.

Why is the cost of cyber insurance rising?

Cyber insurance premiums are expected to rise this year after leveling out in 2023.

Update now! Apple releases patch for zero-day vulnerability

Apple has released new security updates for several products including a patch for a zero-day vulnerability which may have been exploited.

Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now

Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild. The issue, tracked as CVE-2024-23222, is a type confusion bug that could be exploited by a threat actor to achieve arbitrary code execution when processing maliciously crafted web content. The tech giant said the problem

Packet Storm: Latest News

Zeek 6.0.9