Security
Headlines
HeadlinesLatestCVEs

Headline

Apple Security Advisory 11-30-2023-3

Apple Security Advisory 11-30-2023-3 - macOS Sonoma 14.1.2 addresses code execution and out of bounds read vulnerabilities.

Packet Storm
#vulnerability#web#ios#mac#apple#google#webkit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-11-30-2023-3 macOS Sonoma 14.1.2

macOS Sonoma 14.1.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214032.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Sonoma
Impact: Processing web content may disclose sensitive information. Apple
is aware of a report that this issue may have been exploited against
versions of iOS before iOS 16.7.1.
Description: An out-of-bounds read was addressed with improved input
validation.
WebKit Bugzilla: 265041
CVE-2023-42916: Clément Lecigne of Google’s Threat Analysis Group

WebKit
Available for: macOS Sonoma
Impact: Processing web content may lead to arbitrary code execution.
Apple is aware of a report that this issue may have been exploited
against versions of iOS before iOS 16.7.1.
Description: A memory corruption vulnerability was addressed with
improved locking.
WebKit Bugzilla: 265067
CVE-2023-42917: Clément Lecigne of Google’s Threat Analysis Group

macOS Sonoma 14.1.2 may be obtained from the Mac App Store or Apple’s
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmVpE+0ACgkQX+5d1TXa
IvoY4Q//bNy4CuK4jcpHmFirjOgmyd8Sp+9aYQ5XkQ/GEZdUETxdK9rnjGBPfVO4
N6cfPpoiw030zlxJyYBhA+1UjQHC6ynENqII2WPoWWDH2TXdq+Iym4NQdPoaK5oL
aTWpWz3ZmSmZ2MKGHX+3oUo5M7bl6prTePPGu9Z17f/SPfSKdYeo2/N170kCZP21
0x0Hzr62jcYwbNjBlu1mD9PsC382VsSrCnb4awKOqYQ6BA/Ij8gEnobjWgtSyzi5
iSc12Jgq77OLBUtxVDj/tmmDByOL13RJd2dfFZO4B+TIZ9mTuFwoUBVwDDcLvRhl
4KKGDwge7egeUirYV+rF1DVxE0vFUqq37Lw0H2hAp/pYH/DzxrFecaVeO4VLol8M
tyY1clSf306D/p/FoXoetCFR1I35SY2L2AEYN9PwUQq2JRDbBZeWHSzv5zXWbnFH
eG2frM/faoR79ThU+jzaiJZvg+LXSf3QH/CTSmRhMKxuYwP7eUEv6zrX0wdoDw5C
ik0Q6D/iN0ZMz/NrydBBR7skfJDRzwYTmmdnFUHMq++NhRCuQnIR5gUVbGGFURMS
71rNTnRDp4Q23ecDoUvksBGr+mwXv0AH+5TOn/aFJ426FfTTuMIQ2gee04HqiYWY
35Q4hRgFoso7zDNt/gqGo1lrSYXDfNTF9Ka4Hv9YtS2qbBUJ4X4=
=Iax0
-----END PGP SIGNATURE-----

Related news

Red Hat Security Advisory 2024-9653-03

Red Hat Security Advisory 2024-9653-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Shortcuts Vulnerability Exposes Sensitive Data, Update Now!

By Waqas Another day, another Apple Security Vulnerability! This is a post from HackRead.com Read the original post: Apple Shortcuts Vulnerability Exposes Sensitive Data, Update Now!

November 2023 – January 2024: New Vulristics Features, 3 Months of Microsoft Patch Tuesdays and Linux Patch Wednesdays, Year 2023 in Review

Hello everyone! It has been 3 months since the last episode. I spent most of this time improving my Vulristics project. So in this episode, let’s take a look at what’s been done. Alternative video link (for Russia): https://vk.com/video-149273431_456239139 Also, let’s take a look at the Microsoft Patch Tuesdays vulnerabilities, Linux Patch Wednesdays vulnerabilities and […]

Apple Security Advisory 01-22-2024-4

Apple Security Advisory 01-22-2024-4 - iOS 15.8.1 and iPadOS 15.8.1 addresses code execution and out of bounds read vulnerabilities.

Why is the cost of cyber insurance rising?

Cyber insurance premiums are expected to rise this year after leveling out in 2023.

Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now

Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild. The issue, tracked as CVE-2024-23222, is a type confusion bug that could be exploited by a threat actor to achieve arbitrary code execution when processing maliciously crafted web content. The tech giant said the problem

Gentoo Linux Security Advisory 202401-04

Gentoo Linux Security Advisory 202401-4 - Several vulnerabilities have been found in WebKitGTK+, the worst of which can lead to remote code execution. Versions greater than or equal to 2.42.3:4 are affected.

Apple Security Advisory 12-11-2023-8

Apple Security Advisory 12-11-2023-8 - watchOS 10.2 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 12-11-2023-8

Apple Security Advisory 12-11-2023-8 - watchOS 10.2 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 12-11-2023-7

Apple Security Advisory 12-11-2023-7 - tvOS 17.2 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 12-11-2023-3

Apple Security Advisory 12-11-2023-3 - iOS 16.7.3 and iPadOS 16.7.3 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 12-11-2023-3

Apple Security Advisory 12-11-2023-3 - iOS 16.7.3 and iPadOS 16.7.3 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 11-30-2023-2

Apple Security Advisory 11-30-2023-2 - iOS 17.1.2 and iPadOS 17.1.2 addresses code execution and out of bounds read vulnerabilities.

Debian Security Advisory 5575-1

Debian Linux Security Advisory 5575-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine.

Debian Security Advisory 5575-1

Debian Linux Security Advisory 5575-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine.

Ubuntu Security Notice USN-6545-1

Ubuntu Security Notice 6545-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice USN-6545-1

Ubuntu Security Notice 6545-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Red Hat Security Advisory 2023-7716-03

Red Hat Security Advisory 2023-7716-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-7715-03

Red Hat Security Advisory 2023-7715-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws

Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices. This includes updates for 12 security vulnerabilities in iOS and iPadOS spanning AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari

Cybersecurity considerations to have when shopping for holiday gifts

When searching for holiday gifts online, make sure you’re buying from a trusted vendor, or if you haven’t heard of the vendor before, take a few extra minutes just to look them up and read their app’s privacy policy.

Cybersecurity considerations to have when shopping for holiday gifts

When searching for holiday gifts online, make sure you’re buying from a trusted vendor, or if you haven’t heard of the vendor before, take a few extra minutes just to look them up and read their app’s privacy policy.

Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws

Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software. The vulnerabilities, both of which reside in the WebKit web browser engine, are described below - CVE-2023-42916 - An out-of-bounds read issue that could be exploited to

Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws

Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software. The vulnerabilities, both of which reside in the WebKit web browser engine, are described below - CVE-2023-42916 - An out-of-bounds read issue that could be exploited to

Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities

By Waqas Immediate Action Required: Update Your Apple Devices, Including iPads, MacBooks, and iPhones, NOW! This is a post from HackRead.com Read the original post: Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities

Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities

By Waqas Immediate Action Required: Update Your Apple Devices, Including iPads, MacBooks, and iPhones, NOW! This is a post from HackRead.com Read the original post: Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities

CVE-2023-42917: About the security content of Safari 17.1.2

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

CVE-2023-42917: About the security content of Safari 17.1.2

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

Packet Storm: Latest News

Zeek 6.0.9