#mac

**According to the CVSS metric, the attack complexity is high (AC:H). What does this mean for this vulnerability?** The vulnerability enables data leakage only when a user's script is improperly used and triggers specific errors. The conditions required for triggering the error are not easily met making the complexity high.

**What is the attack vector for this vulnerability?** To exploit this vulnerability, an attacker would need to launch a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine.

Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices. This includes updates for 12 security vulnerabilities in iOS and iPadOS spanning AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari

A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages.

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2. An app may be able to access sensitive user data.

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution.

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access protected user data.

An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.)

We have identified that this project contains an out-of-date version of the Public Suffix List (https://publicsuffix.org/). We are carrying out research to identify the potential impacts of using old versions of the Public Suffix List, and we intend to publish our results in academic conferences and journals. Our results will become publicly available after 21 days; this provides time to update your project with an up-to-date version of the Public Suffix List. GitHub repository: gsemac/Gsemac.Common Public Suffix List path: src/Gsemac.Net/Resources/public_suffix_list.dat The Public Suffix List is regularly updated (generally a few times per week), and to ensure that the correct privacy boundaries are maintained between websites, applications that use it should routinely fetch an updated copy. If new suffixes are added to the list, and an old list is then used, privacy boundaries will not be constructed correctly, allowing for data (e.g., cookies) to be set incorrectly, potentially ha...