Headline
Debian Security Advisory 5457-1
Debian Linux Security Advisory 5457-1 - An anonymous researcher discovered that processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Debian Security Advisory DSA-5457-1 [email protected]
https://www.debian.org/security/ Alberto Garcia
July 22, 2023 https://www.debian.org/security/faq
Package : webkit2gtk
CVE ID : CVE-2023-37450
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2023-37450
An anonymous researcher discovered that processing web content may
lead to arbitrary code execution. Apple is aware of a report that
this issue may have been actively exploited.
For the oldstable distribution (bullseye), this problem has been fixed
in version 2.40.3-2~deb11u2.
For the stable distribution (bookworm), this problem has been fixed in
version 2.40.3-2~deb12u2.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmS7l4cACgkQAAyEYu0C
2AJr/BAAnyKHOHxiOroDoQHyo/DrX4rS7UTRb3TQKmgxxlehEAm40lO7jMTG1HLD
HW8v7Jk9dguaqD4pV09rR3lfFrHb24jzyPZs07sQ3m1c9JQUXJybcsCkbLZlXH/V
BHiv/oUjLK6FW4lHzhx3YjJ1kw9V9w5VO1neTjP4N9PK9TSGmZyPeHFlWG/Rq9fN
jDU2PdS48TZK3enBfGEcaKOUcdxUsqWIIRh8nJY1EXVXUpmujjb8oJEHltNlSoe7
NGmaWsPmpRz71JYkFVzRRwcxqa1UEi4abMy9VHzPgcGomLXESbDhlZYGLPMmhV5s
lV6w73j1qDTpDZrsB7klm/MoABkqED6gwg1GktwmOFC07hC2PQt1Kd5ubQGX041k
0XCKf+JavPDsYgN2FV9BsuOvDXJX2hf21jcgw/M7nX0byVEpG+rZrzdecEPMND8I
+v0Lugs8D+Zg/80QaVqhA1hTQcwJgZVDn2GhB+8GfB4i0zhERHugkQsjCMIgkeh3
XQw8dXixJNCCG3S6G63lJaRgKyw2lDlG1yYuEgQlXvxsopIHc9Itt71sPgTd5Fsk
nvXiwMRkuqmytbOIcfaaIqPAe146l6O22sGICeYU59GdoEWcSstQCO6Gd1PJDJ8I
8h4IFTwxPGbVq5WIyX8mogK/n8FTPb788HrYcK/NLcCu5Kh23xY=
=g6Fh
-----END PGP SIGNATURE-----
Related news
Gentoo Linux Security Advisory 202401-4 - Several vulnerabilities have been found in WebKitGTK+, the worst of which can lead to remote code execution. Versions greater than or equal to 2.42.3:4 are affected.
The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.
This issue was addressed with improved state management. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
Apple Security Advisory 2023-07-24-8 - watchOS 9.6 addresses bypass, code execution, and use-after-free vulnerabilities.
Apple Security Advisory 2023-07-24-7 - tvOS 16.6 addresses bypass, code execution, and use-after-free vulnerabilities.
Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.
Apple has rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address several security vulnerabilities, including one actively exploited zero-day bug in the wild. Tracked as CVE-2023-38606, the shortcoming resides in the kernel and permits a malicious app to modify sensitive kernel state potentially. The company said it was addressed with improved state management. "
Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: WebKit Tags: CVE-2023-38606 Tags: CVE-2023-32409 Tags: CVE-2023-37450 Tags: CVE-2023-32416 Apple has released security updates for several products to address several serious vulnerabilities including some actively exploited zero-days. (Read more...) The post Update now! Apple fixes several serious vulnerabilities appeared first on Malwarebytes Labs.
Last week, the Biden administration released its formal roadmap for its national cybersecurity initiative meant to encourage greater investment in cybersecurity and strengthen the U.S.’s critical infrastructure security (and more).
By Waqas The software vulnerability, identified as CVE-2023-37450, has raised concerns due to its potential for arbitrary code execution. This is a post from HackRead.com Read the original post: Apple Issues Device Updates to Patch Critical Vulnerability
Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild. The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors to achieve arbitrary code execution when processing specially crafted web content. The iPhone maker said it addressed the issue with improved checks
Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: Safari Tags: WebKit Tags: macOS Tags: iOS Tags: iPadOs Tags: CVE-2023-37450 Tags: drive-by Tags: code execution Apple has issued an update for a zero-day vulnerability in the WebKit browser engine which may be actively exploited. (Read more...) The post Apple issues Rapid Security Response for zero-day vulnerability appeared first on Malwarebytes Labs.