Apple Security Advisory 2023-07-24-7 - tvOS 16.6 addresses bypass, code execution, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-07-24-7 tvOS 16.6

tvOS 16.6 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213846.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Kernel  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-32734: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.  
CVE-2023-32441: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs SG  
Pte. Ltd.

Kernel  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: An app may be able to modify sensitive kernel state. Apple is  
aware of a report that this issue may have been actively exploited  
against versions of iOS released before iOS 15.7.1.  
Description: This issue was addressed with improved state management.  
CVE-2023-38606: Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin  
(@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of  
Kaspersky

Kernel  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use-after-free issue was addressed with improved memory  
management.  
CVE-2023-32381: an anonymous researcher  
CVE-2023-32433: Zweig of Kunlun Lab  
CVE-2023-35993: Kaitao Xie and Xiaolong Bai of Alibaba Group

WebKit  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: A website may be able to bypass Same Origin Policy  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 256549  
CVE-2023-38572: Narendra Bhati (twitter.com/imnarendrabhati) of Suma  
Soft Pvt. Ltd, Pune - India

WebKit  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 256865  
CVE-2023-38594: Yuhao Hu  
WebKit Bugzilla: 256573  
CVE-2023-38595: an anonymous researcher, Jiming Wang, and Jikai Ren  
WebKit Bugzilla: 257387  
CVE-2023-38600: Anonymous working with Trend Micro Zero Day Initiative

WebKit  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 258058  
CVE-2023-38611: Francisco Alonso (@revskills)

WebKit  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: Processing web content may lead to arbitrary code execution.  
Apple is aware of a report that this issue may have been actively  
exploited.  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 259231  
CVE-2023-37450: an anonymous researcher

WebKit Web Inspector  
Available for: Apple TV 4K (all models) and Apple TV HD  
Impact: Processing web content may disclose sensitive information  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 256932  
CVE-2023-38133: YeongHyeon Choi (@hyeon101010)

Apple TV will periodically check for software updates. Alternatively,  
you may manually check for software updates by selecting "Settings ->  
System -> Software Update -> Update Software."  To check the current  
version of software, select "Settings -> General -> About."  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmS/FLkACgkQ4RjMIDke  
Nxl5gRAA2z3qtF2NRTBpmW0GNmtwVB33PZUckSabe97M/lPYixnESGT30TbaQw8C  
u+aQrUoy5/WWJoXMGmIN6qVAstkWgXIbwV9oH113J5i2gHJrTDP0QPd2wUnd9jNz  
8mcjzlo52CE0h+ZzQqzsu/CItiTLpPQctoy8DAlx6GFibVikUTgXkOsEXw6iPPgQ  
c5ouEb9rSidOeYGjaRjXoDRtBT8FWxpC3bWietSxHcIVYq/ThMGcOMpzJiTBjjCV  
oiq8te/4G/YZgqhweMSuLh4eZWNP9mQOBrPd1h0DD5WtkqjGlMpMYE2CAIYGfaUR  
aWwxZV534ilZr1IzRSgmqt0d4C/7Jk69RsM6h3KhUSd87zMgNV6AS1khUEEzXNp5  
tGyw4EQ+FGr4hzJtYmVx+8g5kfH00JyrcAiuALj9lska4ZPWcz7WnS0+R4GsDaw6  
tjEeXa5VJJi5KnBDNhml0QXd99cADI/mqz5/LL+SLPNFn1/5k+A6Qbj19nbx9UBp  
oVfA0+LDHfUlt+pC75jwHqoV/4X/UOoAAER3yjkz4SNHCeqfD7ZzwhIg/x2+YcyS  
BRVdo+8xe4ckC2lkkt6Sa7EUt7G4nmIyE2RhPYxjVpUwbv7MzRSXFz0TX5p+vk4K  
pwNhnGty7Vc8FMhT1iH+MmpkgYiev5pAzAfw+oetoQQ3NElCCAs=  
=+SMD  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-07-24-7

Ubuntu Security Notice 6248-1 - It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in Adreno GPU DRM driver in the Linux kernel, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6248-1July 25, 2023linux-oem-6.0 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-oem-6.0: Linux kernel for OEM systemsDetails:It was discovered that the network queuing discipline implementation in theLinux kernel contained a null pointer dereference in some situations. Alocal attacker could use this to cause a denial of service (system crash).(CVE-2022-47929)It was discovered that a race condition existed in Adreno GPU DRM driver inthe Linux kernel, leading to a double-free vulnerability. A local attackercould use this to cause a denial of service (system crash).(CVE-2023-21106)Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFSimplementation in the Ubuntu Linux kernel did not properly performpermission checks in certain situations. A local attacker could possiblyuse this to gain elevated privileges. (CVE-2023-2640)Mingi Cho discovered that the netfilter subsystem in the Linux kernel didnot properly validate the status of a nft chain while performing a lookupby id, leading to a use-after-free vulnerability. An attacker could usethis to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2023-31248)Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation inthe Ubuntu Linux kernel did not properly perform permission checks incertain situations. A local attacker could possibly use this to gainelevated privileges. (CVE-2023-32629)Querijn Voet discovered that a race condition existed in the io_uringsubsystem in the Linux kernel, leading to a use-after-free vulnerability. Alocal attacker could use this to cause a denial of service (system crash)or possibly execute arbitrary code. (CVE-2023-3389)Tanguy Dubroca discovered that the netfilter subsystem in the Linux kerneldid not properly handle certain pointer data type, leading to an out-of-bounds write vulnerability. A privileged attacker could use this to cause adenial of service (system crash) or possibly execute arbitrary code.(CVE-2023-35001)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   linux-image-6.0.0-1020-oem      6.0.0-1020.20   linux-image-oem-22.04b          6.0.0.1020.20After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6248-1   CVE-2022-47929, CVE-2023-21106, CVE-2023-2640, CVE-2023-31248,   CVE-2023-32629, CVE-2023-3389, CVE-2023-35001Package Information:   https://launchpad.net/ubuntu/+source/linux-oem-6.0/6.0.0-1020.20

Ubuntu Security Notice USN-6248-1

Apple Security Advisory 2023-07-24-6 - macOS Big Sur 11.7.9 addresses code execution, out of bounds read, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9

macOS Big Sur 11.7.9 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213845.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Assets  
Available for: macOS Big Sur  
Impact: An app may be able to modify protected parts of the file system  
Description: This issue was addressed with improved data protection.  
CVE-2023-35983: Mickey Jin (@patch1t)

curl  
Available for: macOS Big Sur  
Impact: Multiple issues in curl  
Description: Multiple issues were addressed by updating curl.  
CVE-2023-28319  
CVE-2023-28320  
CVE-2023-28321  
CVE-2023-28322

Grapher  
Available for: macOS Big Sur  
Impact: Processing a file may lead to unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved checks.  
CVE-2023-36854: Bool of YunShangHuaAn(云上华安)  
CVE-2023-32418: Bool of YunShangHuaAn(云上华安)

Kernel  
Available for: macOS Big Sur  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use-after-free issue was addressed with improved memory  
management.  
CVE-2023-32381: an anonymous researcher  
CVE-2023-32433: Zweig of Kunlun Lab  
CVE-2023-35993: Kaitao Xie and Xiaolong Bai of Alibaba Group

Kernel  
Available for: macOS Big Sur  
Impact: An app may be able to modify sensitive kernel state. Apple is  
aware of a report that this issue may have been actively exploited  
against versions of iOS released before iOS 15.7.1.  
Description: This issue was addressed with improved state management.  
CVE-2023-38606: Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin  
(@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of  
Kaspersky

Kernel  
Available for: macOS Big Sur  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-32441: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs SG  
Pte. Ltd.

libxpc  
Available for: macOS Big Sur  
Impact: An app may be able to gain root privileges  
Description: A path handling issue was addressed with improved  
validation.  
CVE-2023-38565: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab  
(xlab.tencent.com)

libxpc  
Available for: macOS Big Sur  
Impact: An app may be able to cause a denial-of-service  
Description: A logic issue was addressed with improved checks.  
CVE-2023-38593: Noah Roskin-Frazee

OpenLDAP  
Available for: macOS Big Sur  
Impact: A remote user may be able to cause a denial-of-service  
Description: The issue was addressed with improved memory handling.  
CVE-2023-2953: Sandipan Roy

PackageKit  
Available for: macOS Big Sur  
Impact: An app may be able to access user-sensitive data  
Description: A logic issue was addressed with improved restrictions.  
CVE-2023-38259: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Big Sur  
Impact: An app may be able to modify protected parts of the file system  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2023-38602: Arsenii Kostromin (0x3c3e)

sips  
Available for: macOS Big Sur  
Impact: Processing a file may lead to a denial-of-service or potentially  
disclose memory contents  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2023-32443: David Hoyt of Hoyt LLC

Additional recognition

Mail  
We would like to acknowledge Parvez Anwar for their assistance.

macOS Big Sur 11.7.9 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmS/FLgACgkQ4RjMIDke  
NxnD5BAAm2dEYn2sNcYgfMiJ7QLm77m62IXpHor8GU3x9rymlvlrIygh+Q8SKlR5  
SYsMFt+MOC2F2x8l3DdMn0FxCHyeJ0mRAsaLswhDDGKr8bh6cheCrkCqRFD+QCad  
Wrq+M0KskZZCPYeQ2Cvdf6Mu9laflNiw2+ORypLvHwESwfIEiiQD8mUBLNEhzplB  
wcysp4Zd7Z4SPq3i9zjS0+z0f3FdjHHJAyK5948A5ROtckuFFJUOm1SvWbgU5K9+  
OymJ8oFIXliTT/XK6Y8rH8EHqXg7/XFadrZ4FsyTDqY4AxlBfnH35f57Tyctro+J  
cv2fL1R7Jr/fzF2csMtOAnIrFIf2crCr3zhrqP9/v1TT+m9VkWAJCcv81AMwGixw  
jSWc1iDwMSWSFzkg1+sHdYU/XwimfLcDo/vX3Bc/4cEbS5bUtk01mOlh17s2Lzej  
/aJgM2TEKUU2QPEbPwh/THMKfWvsDEvlFPZFknnpPaKUfKq3SRV8vbIUq0jYf4Kw  
bHV6Ms2rwtjIKhvA3fOPepsLHouQxjdBNjuJBNiwJzp9VK3CtgZNvrI0MDiNgGzs  
RuML8fD7HofWIbluCUcZiY/t3ApBInJ+6HUa0RWOKm6v2SsoS2nxNOZcLNBVSGRE  
fQGWds5qNaBUPrr/NpABpcjbWqdXw4PneFKmb8SZoT7pNy1c45Q=  
=gluJ  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-07-24-6

Ubuntu Security Notice 5807-3 - USN-5807-1 fixed a vulnerability in libXpm. This update provides the corresponding update for Ubuntu 14.04 ESM. Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.

==========================================================================  
Ubuntu Security Notice USN-5807-3  
July 26, 2023

libxpm vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

libXpm could be made to denial of service if it received a specially  
crafted XPM file.

Software Description:  
- libxpm: X11 pixmap library

Details:

USN-5807-1 fixed a vulnerability in libXpm. This update provides  
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

 Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files.  
 If a user or automated system were tricked into opening a specially crafted  
 XPM file, a remote attacker could possibly use this issue to cause libXpm  
 to stop responding, resulting in a denial of service. (CVE-2022-46285)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
  libxpm4                         1:3.5.10-1ubuntu0.1+esm1  
  xpmutils                        1:3.5.10-1ubuntu0.1+esm1

After a standard system update you need to restart your session to make all  
the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-5807-3  
  https://ubuntu.com/security/notices/USN-5807-1  
  CVE-2022-46285

Ubuntu Security Notice USN-5807-3

Ubuntu Security Notice 6247-1 - David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. It was discovered that the IDT 77252 ATM PCI device driver in the Linux kernel did not properly remove any pending timers during device exit, resulting in a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service or execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6247-1  
July 25, 2023

linux-oem-5.17 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-oem-5.17: Linux kernel for OEM systems

Details:

David Leadbeater discovered that the netfilter IRC protocol tracking  
implementation in the Linux Kernel incorrectly handled certain message  
payloads in some situations. A remote attacker could possibly use this to  
cause a denial of service or bypass firewall filtering. (CVE-2022-2663)

It was discovered that the IDT 77252 ATM PCI device driver in the Linux  
kernel did not properly remove any pending timers during device exit,  
resulting in a use-after-free vulnerability. A local attacker could  
possibly use this to cause a denial of service (system crash) or execute  
arbitrary code. (CVE-2022-3635)

It was discovered that the network queuing discipline implementation in the  
Linux kernel contained a null pointer dereference in some situations. A  
local attacker could use this to cause a denial of service (system crash).  
(CVE-2022-47929)

Lucas Leong discovered that the IPv6 SR implementation in the Linux kernel  
did not properly validate SEG6 configuration attributes, leading to an out-  
of-bounds read vulnerability. A privileged attacker could use this to  
expose sensitive information (kernel memory). (CVE-2023-2860)

Mingi Cho discovered that the netfilter subsystem in the Linux kernel did  
not properly validate the status of a nft chain while performing a lookup  
by id, leading to a use-after-free vulnerability. An attacker could use  
this to cause a denial of service (system crash) or possibly execute  
arbitrary code. (CVE-2023-31248)

Tanguy Dubroca discovered that the netfilter subsystem in the Linux kernel  
did not properly handle certain pointer data type, leading to an out-of-  
bounds write vulnerability. A privileged attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-35001)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   linux-image-5.17.0-1035-oem     5.17.0-1035.36  
   linux-image-oem-22.04           5.17.0.1035.33  
   linux-image-oem-22.04a          5.17.0.1035.33

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6247-1  
   CVE-2022-2663, CVE-2022-3635, CVE-2022-47929, CVE-2023-2860,  
   CVE-2023-31248, CVE-2023-35001

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-oem-5.17/5.17.0-1035.36

Ubuntu Security Notice USN-6247-1

Apple Security Advisory 2023-07-24-5 - macOS Monterey 12.6.8 addresses code execution, out of bounds read, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8

macOS Monterey 12.6.8 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213844.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Assets  
Available for: macOS Monterey  
Impact: An app may be able to modify protected parts of the file system  
Description: This issue was addressed with improved data protection.  
CVE-2023-35983: Mickey Jin (@patch1t)

curl  
Available for: macOS Monterey  
Impact: Multiple issues in curl  
Description: Multiple issues were addressed by updating curl.  
CVE-2023-28319  
CVE-2023-28320  
CVE-2023-28321  
CVE-2023-28322

Find My  
Available for: macOS Monterey  
Impact: An app may be able to read sensitive location information  
Description: A logic issue was addressed with improved restrictions.  
CVE-2023-32416: Wojciech Regula of SecuRing (wojciechregula.blog)

Grapher  
Available for: macOS Monterey  
Impact: Processing a file may lead to unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved checks.  
CVE-2023-36854: Bool of YunShangHuaAn(云上华安)  
CVE-2023-32418: Bool of YunShangHuaAn(云上华安)

Kernel  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use-after-free issue was addressed with improved memory  
management.  
CVE-2023-32381: an anonymous researcher  
CVE-2023-32433: Zweig of Kunlun Lab  
CVE-2023-35993: Kaitao Xie and Xiaolong Bai of Alibaba Group

Kernel  
Available for: macOS Monterey  
Impact: An app may be able to modify sensitive kernel state. Apple is  
aware of a report that this issue may have been actively exploited  
against versions of iOS released before iOS 15.7.1.  
Description: This issue was addressed with improved state management.  
CVE-2023-38606: Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin  
(@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of  
Kaspersky

Kernel  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-32441: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs SG  
Pte. Ltd.

libxpc  
Available for: macOS Monterey  
Impact: An app may be able to gain root privileges  
Description: A path handling issue was addressed with improved  
validation.  
CVE-2023-38565: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab  
(xlab.tencent.com)

libxpc  
Available for: macOS Monterey  
Impact: An app may be able to cause a denial-of-service  
Description: A logic issue was addressed with improved checks.  
CVE-2023-38593: Noah Roskin-Frazee

Model I/O  
Available for: macOS Monterey  
Impact: Processing a 3D model may result in disclosure of process memory  
Description: The issue was addressed with improved checks.  
CVE-2023-38421: Mickey Jin (@patch1t)  
CVE-2023-38258: Mickey Jin (@patch1t)

OpenLDAP  
Available for: macOS Monterey  
Impact: A remote user may be able to cause a denial-of-service  
Description: The issue was addressed with improved memory handling.  
CVE-2023-2953: Sandipan Roy

PackageKit  
Available for: macOS Monterey  
Impact: An app may be able to access user-sensitive data  
Description: A logic issue was addressed with improved restrictions.  
CVE-2023-38259: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Monterey  
Impact: An app may be able to modify protected parts of the file system  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2023-38602: Arsenii Kostromin (0x3c3e)

Shortcuts  
Available for: macOS Monterey  
Impact: A shortcut may be able to modify sensitive Shortcuts app  
settings  
Description: An access issue was addressed with improved access  
restrictions.  
CVE-2023-32442: an anonymous researcher

sips  
Available for: macOS Monterey  
Impact: Processing a file may lead to a denial-of-service or potentially  
disclose memory contents  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2023-32443: David Hoyt of Hoyt LLC

Additional recognition

Mail  
We would like to acknowledge Parvez Anwar for their assistance.

macOS Monterey 12.6.8 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmS/FLcACgkQ4RjMIDke  
NxkPqA//UEMIt/ksLf7frzEU/NVk3v1XYmkCn6ctkdh6CG6kZHfhRU9s27tN7QIE  
ZBvtFHn3JUE+uansicA19yeLaEZTlT94yLRbQejl8/+VIBEDuP1vaBCFcxYTaiI9  
cISnKq9ndc78hu8zTYMYu+CZPjYNAL1dGRJ3kp5u0F7TBuMpycDHfilHqgvGkDo6  
RuivVcC75cRqqqLAtJpGTzWDJWa2VlBnYgq20LyFSwuQ4h4yQK1npnelZkPCeXQc  
Hs/lGoMq++qjxar1WfoJOwdhm3/xfrR7303MEwAes3l/hHApGqkRJQkYqA/UDl2o  
YzYJaMMYi+BHfyA/DNH0kJRmcnmPBuONOevzEG7vxQNbUb+73RttlaAFYuCKN09m  
e1XNTeOaNjp0tvwqVFN1aU3YSJC/WQX6K1SKU6nAkRIER5C1fc2zgL4UAv8By+FA  
4lv3Zxwwzb47MIrCnzxd5ezw6tDQshbys5ZT9nP20eIkF69XtC2korfnvRFTwWpT  
MMwoMCtAZnUWk90RVnWvWweRlhHBZn31kCUfwohaCxjZ6f0QaUhRPJub8nJwrZI4  
bjtp2Cn10p1PzlZtHoZvJICS9fpr/bxwAFlM9du4C0mz/4JblEnWdGQcNcVQCf+C  
BqJlqMuJeKu+Uat+mzvD9MJE9g7qozm7xwvBXwQY9ph1xHTK/WY=  
=/L9p  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-07-24-5

Journal Management Software version 1.2.4 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Journal Management Software V1.2.4 Sql injection                                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://asanhamayesh.com/                                                                                           |  | # Dork      : Designer Asan Journal (Journal Management Software) Ver. 1.2.4                                                     |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] http://wwwjoavmcom/en/action.php?issue=1 <===== inject here[+] Panel : http://wwwjoavmcom/en/signin.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Journal Management Software 1.2.4 SQL Injection

Ubuntu Security Notice 6244-1 - Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6244-1  
July 25, 2023

amd64-microcode vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

AMD processors may allow an attacker to expose sensitive information due  
to a vector register speculative execution vulnerability.

Software Description:  
- amd64-microcode: Processor microcode firmware for AMD CPUs

Details:

Tavis Ormandy discovered that some AMD processors did not properly  
handle speculative execution of certain vector register instructions. A  
local attacker could use this to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
  amd64-microcode                 3.20220411.1ubuntu3.1

Ubuntu 22.04 LTS:  
  amd64-microcode                 3.20191218.1ubuntu2.1

Ubuntu 20.04 LTS:  
  amd64-microcode                 3.20191218.1ubuntu1.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
  amd64-microcode                 3.20191021.1+really3.20181128.1~ubuntu0.18.04.1+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
  amd64-microcode                 3.20191021.1+really3.20180524.1~ubuntu0.16.04.2+esm1

After a standard system update you need to reboot your computer to make  
all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6244-1  
  CVE-2023-20593

Package Information:  
  https://launchpad.net/ubuntu/+source/amd64-microcode/3.20220411.1ubuntu3.1  
  https://launchpad.net/ubuntu/+source/amd64-microcode/3.20191218.1ubuntu2.1  
  https://launchpad.net/ubuntu/+source/amd64-microcode/3.20191218.1ubuntu1.1

Ubuntu Security Notice USN-6244-1

Joomla VirtueMart component version 2.6.12.2 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Joomla VirtueMart v2.6.12.2 SQL Injection Vulnerability                                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : http://dev.virtuemart.net/attachments/863/com_virtuemart.2.6.12.2.zip                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : index.php/headgear/results,1-60?filter_product=1[+] http://127.0.0.1/Virtue/index.php/headgear/results,1-60?filter_product=1 = inject her[+] http://127.0.0.1/Virtue/administrator/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Joomla VirtueMart 2.6.12.2 SQL Injection

Ubuntu Security Notice 6129-2 - USN-6129-1 fixed a vulnerability in Avahi. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Avahi incorrectly handled certain DBus messages. A local attacker could possibly use this issue to cause Avahi to crash, resulting in a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6129-2  
July 25, 2023

avahi vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Avahi could be made to crash if it received specially crafted DBus traffic.

Software Description:  
- avahi: IPv4LL network address configuration daemon

Details:

USN-6129-1 fixed a vulnerability in Avahi. This update provides the  
corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04  
LTS.

Original advisory details:

It was discovered that Avahi incorrectly handled certain DBus messages. A  
local attacker could possibly use this issue to cause Avahi to crash,  
resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
avahi-daemon 0.7-3.1ubuntu1.3+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
avahi-daemon 0.6.32~rc+dfsg-1ubuntu2.3+esm2

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
avahi-daemon 0.6.31-4ubuntu1.3+esm2

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-6129-2  
https://ubuntu.com/security/notices/USN-6129-1  
CVE-2023-1981

Source

Packet Storm