Security
Headlines
HeadlinesLatestCVEs

Headline

Apple Security Advisory 01-22-2024-9

Apple Security Advisory 01-22-2024-9 - tvOS 17.3 addresses code execution vulnerabilities.

Packet Storm
#vulnerability#web#apple#js#webkit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-01-22-2024-9 tvOS 17.3

tvOS 17.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214055.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2024-23212: Ye Zhang of Baidu Security

CoreCrypto
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An attacker may be able to decrypt legacy RSA PKCS#1 v1.5
ciphertexts without having the private key
Description: A timing side-channel issue was addressed with improvements
to constant-time computation in cryptographic functions.
CVE-2024-23218: Clemens Lang

Kernel
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2024-23208: fmyy(@binary_fmyy) and lime From TIANGONG Team of
Legendsec at QI-ANXIN Group

NSSpellChecker
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved handling of
files.
CVE-2024-23223: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

TCC
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to access user-sensitive data
Description: An issue was addressed with improved handling of temporary
files.
CVE-2024-23215: Zhongquan Li (@Guluisacat)

Time Zone
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to view a user’s phone number in system logs
Description: This issue was addressed with improved redaction of
sensitive information.
CVE-2024-23210: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

WebKit
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: A maliciously crafted webpage may be able to fingerprint the
user
Description: An access issue was addressed with improved access
restrictions.
WebKit Bugzilla: 262699
CVE-2024-23206: an anonymous researcher

WebKit
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 266619
CVE-2024-23213: Wangtaiyu of Zhongfu info

WebKit
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution. Apple is aware of a report that this issue may have been
exploited.
Description: A type confusion issue was addressed with improved checks.
WebKit Bugzilla: 267134
CVE-2024-23222

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting “Settings ->
System -> Software Update -> Update Software.” To check the current
version of software, select “Settings -> General -> About.”
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmWvDyQACgkQX+5d1TXa
IvoUsA//bw9u1+Jxh79G7jV7SXt8HRV8yqr16Bhq00AqSdDx/RgVGTUs6cN8OfGX
MVda91yeQS7WOEtrw7no8vD2HcGSvcTCRWTRQRSYJjZfZ4C3v9Rnt3Nlx/mvdLQg
50Kn3Gm46C/+iFhuZhtSa9VrDhoaiLs3Wb9nVBrQ917CyNMXeDb1JuP1MOjPJgiJ
IVZlcIwAFrx4f779ove/MtupyeeoHZwV1KICEDyVIZsUGMGf4ti6J8tdK73EmUPo
a1Q6pRx8JRwtXBPkp/1PerRsfzb9bRAksZU6R5d8RdJBTpnx9kfZZpPWknyRX2R9
gR6tJrswgHcalkHDL6UXJfnWS3XCrCHg2jKQbWPDvor6juOMUKfi40ww36H6KdRG
ksNdFaWhmSK0Qu1EqS4bmCWYiUx16O/js7tbbNfXFp+ssjMtjunlVs9Ly3Jh2Fpi
gry4IRE5Ll4oryFxUPV9KGM72eDL8PAwvIgDXx5/NkcrZIGZNl9eseJCsfZ/AV7Z
dZTcc78Yguenm5Nsot6GmL1q0+LCj48PmcFu6VQF7KSFWcehAKjVIk+DaAOJITgF
uJekaVJp3mVe5XRvtQrfMlegiog40gPxQgwJ/psUyp3Ss5uIOPF6EUrAj2xqERRc
GVDDKWA3BFSCOJD/dtR/xmiwJdRMQwomeo8k1uUpd96ICM6VgJM=
=HfBk
-----END PGP SIGNATURE-----

Related news

Gentoo Linux Security Advisory 202407-13

Gentoo Linux Security Advisory 202407-13 - Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which could lead to arbitrary code execution Versions greater than or equal to 2.44.0:4 are affected.

Apple Security Advisory 03-07-2024-4

Apple Security Advisory 03-07-2024-4 - macOS Monterey 12.7.4 addresses buffer overflow, bypass, code execution, and out of bounds write vulnerabilities.

Ubuntu Security Notice USN-6631-1

Ubuntu Security Notice 6631-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Debian Security Advisory 5618-1

Debian Linux Security Advisory 5618-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher discovered that a maliciously crafted webpage may be able to fingerprint the user. Wangtaiyu discovered that processing web content may lead to arbitrary code execution. Apple discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.

Spyware isn’t going anywhere, and neither are its tactics

For their part, the U.S. did roll out new restrictions on the visas of any foreign individuals who misuse commercial spyware.

Apple Security Advisory 02-02-2024-1

Apple Security Advisory 02-02-2024-1 - visionOS 1.0.2 addresses a code execution vulnerability.

CISA Warns of Active Exploitation of Critical Flaws in Apple iOS and macOS

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2022-48618 (CVSS score: 7.8), concerns a bug in the kernel component. "An attacker with

Apple Security Advisory 01-22-2024-8

Apple Security Advisory 01-22-2024-8 - watchOS 10.3 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 01-22-2024-7

Apple Security Advisory 01-22-2024-7 - macOS Monterey 12.7.3 addresses code execution vulnerabilities.

Apple Security Advisory 01-22-2024-6

Apple Security Advisory 01-22-2024-6 - macOS Ventura 13.6.4 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 01-22-2024-5

Apple Security Advisory 01-22-2024-5 - macOS Sonoma 14.3 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 01-22-2024-3

Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.

Apple Security Advisory 01-22-2024-3

Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.

Apple Security Advisory 01-22-2024-3

Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.

Apple Security Advisory 01-22-2024-3

Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.

Apple Security Advisory 01-22-2024-2

Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 01-22-2024-2

Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 01-22-2024-2

Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 01-22-2024-2

Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 01-22-2024-2

Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 01-22-2024-2

Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 01-22-2024-2

Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 01-22-2024-2

Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 01-22-2024-2

Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 01-22-2024-1

Apple Security Advisory 01-22-2024-1 - Safari 17.3 addresses code execution vulnerabilities.

Apple Security Advisory 01-22-2024-1

Apple Security Advisory 01-22-2024-1 - Safari 17.3 addresses code execution vulnerabilities.

Apple Security Advisory 01-22-2024-1

Apple Security Advisory 01-22-2024-1 - Safari 17.3 addresses code execution vulnerabilities.

Why is the cost of cyber insurance rising?

Cyber insurance premiums are expected to rise this year after leveling out in 2023.

Update now! Apple releases patch for zero-day vulnerability

Apple has released new security updates for several products including a patch for a zero-day vulnerability which may have been exploited.

Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now

Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild. The issue, tracked as CVE-2024-23222, is a type confusion bug that could be exploited by a threat actor to achieve arbitrary code execution when processing maliciously crafted web content. The tech giant said the problem

Packet Storm: Latest News

TOR Virtual Network Tunneling Tool 0.4.8.13