Apple Security Advisory 03-07-2024-6 - tvOS 17.4 addresses buffer overflow, bypass, and code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-03-07-2024-6 tvOS 17.4

tvOS 17.4 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT214086.

Apple maintains a Security Releases page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Accessibility  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: A malicious app may be able to observe user data in log entries  
related to accessibility notifications  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-23291

AppleMobileFileIntegrity  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to elevate privileges  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2024-23288: Wojciech Regula of SecuRing (wojciechregula.blog) and  
Kirin (@Pwnrin)

CoreBluetooth - LE  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to access Bluetooth-connected microphones  
without user permission  
Description: An access issue was addressed with improved access  
restrictions.  
CVE-2024-23250: Guilherme Rambo of Best Buddy Apps (rambo.codes)

file  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing a file may lead to a denial-of-service or potentially  
disclose memory contents  
Description: This issue was addressed with improved checks.  
CVE-2022-48554

Image Processing  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23270: an anonymous researcher

ImageIO  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing an image may lead to arbitrary code execution  
Description: A buffer overflow issue was addressed with improved memory  
handling.  
CVE-2024-23286: Dohyun Lee (@l33d0hyun)

Kernel  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to access user-sensitive data  
Description: A race condition was addressed with additional validation.  
CVE-2024-23235

Kernel  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to cause unexpected system termination or  
write kernel memory  
Description: A memory corruption vulnerability was addressed with  
improved locking.  
CVE-2024-23265: Xinru Chi of Pangu Lab

Kernel  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An attacker with arbitrary kernel read and write capability may  
be able to bypass kernel memory protections. Apple is aware of a report  
that this issue may have been exploited.  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2024-23225

libxpc  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to break out of its sandbox  
Description: The issue was addressed with improved checks.  
CVE-2024-23278: an anonymous researcher

libxpc  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to execute arbitrary code out of its sandbox  
or with certain elevated privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-0258: ali yabuz

MediaRemote  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: A malicious application may be able to access private  
information  
Description: The issue was addressed with improved checks.  
CVE-2024-23297: scj643

Metal  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An application may be able to read restricted memory  
Description: A validation issue was addressed with improved input  
sanitization.  
CVE-2024-23264: Meysam Firouzi @R00tkitsmm working with Trend Micro Zero  
Day Initiative

RTKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An attacker with arbitrary kernel read and write capability may  
be able to bypass kernel memory protections. Apple is aware of a report  
that this issue may have been exploited.  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2024-23296

Sandbox  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to leak sensitive user information  
Description: A race condition was addressed with improved state  
handling.  
CVE-2024-23239: Mickey Jin (@patch1t)

Sandbox  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to access user-sensitive data  
Description: A logic issue was addressed with improved restrictions.  
CVE-2024-23290: Wojciech Regula of SecuRing (wojciechregula.blog)

Siri  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An attacker with physical access may be able to use Siri to  
access sensitive user data  
Description: This issue was addressed through improved state management.  
CVE-2024-23293: Bistrit Dahal

Spotlight  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to leak sensitive user information  
Description: This issue was addressed through improved state management.  
CVE-2024-23241

UIKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to break out of its sandbox  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2024-23246: Deutsche Telekom Security GmbH sponsored by Bundesamt  
für Sicherheit in der Informationstechnik

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 259694  
CVE-2024-23226: Pwn2car

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: A malicious website may exfiltrate audio data cross-origin  
Description: The issue was addressed with improved UI handling.  
WebKit Bugzilla: 263795  
CVE-2024-23254: James Lee (@Windowsrcer)

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing maliciously crafted web content may prevent Content  
Security Policy from being enforced  
Description: A logic issue was addressed with improved validation.  
WebKit Bugzilla: 264811  
CVE-2024-23263: Johan Carlsson (joaxcar)

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: A maliciously crafted webpage may be able to fingerprint the  
user  
Description: An injection issue was addressed with improved validation.  
WebKit Bugzilla: 266703  
CVE-2024-23280: an anonymous researcher

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing maliciously crafted web content may prevent Content  
Security Policy from being enforced  
Description: A logic issue was addressed with improved state management.  
WebKit Bugzilla: 267241  
CVE-2024-23284: Georg Felber and Marco Squarcina

Additional recognition

CoreAnimation  
We would like to acknowledge Junsung Lee for their assistance.

CoreMotion  
We would like to acknowledge Eric Dorphy of Twin Cities App Dev LLC for  
their assistance.

Kernel  
We would like to acknowledge Tarek Joumaa (@tjkr0wn) for their  
assistance.

libxml2  
We would like to acknowledge OSS-Fuzz, Ned Williamson of Google Project  
Zero for their assistance.

libxpc  
We would like to acknowledge Rasmus Sten, F-Secure (Mastodon:  
@pajp@blog.dll.nu), and an anonymous researcher for their assistance.

Photos  
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi  
Narain College Of Technology Bhopal for their assistance.

Power Management  
We would like to acknowledge Pan ZhenPeng (@Peterpan0927) of STAR Labs  
SG Pte. Ltd. for their assistance.

Sandbox  
We would like to acknowledge Zhongquan Li (@Guluisacat) for their  
assistance.

Siri  
We would like to acknowledge Bistrit Dahal for their assistance.

Software Update  
We would like to acknowledge Bin Zhang of Dublin City University for  
their assistance.

WebKit  
We would like to acknowledge Nan Wang (@eternalsakura13) of 360  
Vulnerability Research Institute, Valentino Dalla Valle, Pedro Bernardo,  
Marco Squarcina, and Lorenzo Veronese of TU Wien for their assistance.

Apple TV will periodically check for software updates. Alternatively,  
you may manually check for software updates by selecting "Settings ->  
System -> Software Update -> Update Software."  To check the current  
version of software, select "Settings -> General -> About."  
All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmXqcgcACgkQX+5d1TXa  
IvrIdQ/9HRpg5/rTwCLemvmrsOZ3yt/cvAd9UD9uy9BFVL3yQfAStC1GBdCIZlc7  
5DUtJVCGMDb77PDK64P74Z2METMrvy5jeSCkAlCHv1FYe4F4LC8j01Dj9CEms6uI  
QAfvzSMrbVaBlXJte/x1IeI+zXwtZS4XgvpYH3kjoZbeGspxOM5z3vKRvuk0WNC9  
7FHJ43HFecsHF6mBe7Nr/8iwMxtsNwWKknaT4wywXE8hEde1OaSVya370H38SS+n  
GuSG2ivIDN8hGVvL8pCqqVqzAtNq5BzVSQ4aQ1+4MDB8QWLP/FGnjYi83qS6hDO0  
AE5TGvMOKfxqKwg4eh4ohtSvsHzXrEVG5yQgvVpz4yd4JxRizSGBloDhyDLlXL+l  
1PnuFaPFx+b6EkvafIdzo4b1O2Y6CnDy0iFrXdU3pbWG/QImxL6Krg6NtXcHGFWD  
h7iNnhJ14elhKEwTuoI0c9QlRTwRyCKSdrM8AEravz8VaoHGXJlb1SPtLUAejwH4  
kOoAT+zAb4EOELUWtgSk4d+tQeBKhD6sgOPkn6olGi5X0HJTHxiMqFCMbfNDk8Ko  
gTuMdmCOLYRbTSqoaJWW2gv9hLYoYBul9tKRgrQT6WdfKbH5WiCvZ9v7z1N4Ur8+  
l7syGGcrIX/eC2lZWGfaw49fLobn8PGvaM6cxazDhEYl9BRGlpc=  
=AI8u  
-----END PGP SIGNATURE-----

Apple Security Advisory 03-07-2024-6

Apple Security Advisory 03-07-2024-5 - watchOS 10.4 addresses buffer overflow, bypass, and code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-03-07-2024-5 watchOS 10.4

watchOS 10.4 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT214088.

Apple maintains a Security Releases page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Accessibility  
Available for: Apple Watch Series 4 and later  
Impact: A malicious app may be able to observe user data in log entries  
related to accessibility notifications  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-23291

AppleMobileFileIntegrity  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to elevate privileges  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2024-23288: Wojciech Regula of SecuRing (wojciechregula.blog) and  
Kirin (@Pwnrin)

CoreBluetooth - LE  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access Bluetooth-connected microphones  
without user permission  
Description: An access issue was addressed with improved access  
restrictions.  
CVE-2024-23250: Guilherme Rambo of Best Buddy Apps (rambo.codes)

file  
Available for: Apple Watch Series 4 and later  
Impact: Processing a file may lead to a denial-of-service or potentially  
disclose memory contents  
Description: This issue was addressed with improved checks.  
CVE-2022-48554

ImageIO  
Available for: Apple Watch Series 4 and later  
Impact: Processing an image may lead to arbitrary code execution  
Description: A buffer overflow issue was addressed with improved memory  
handling.  
CVE-2024-23286: Dohyun Lee (@l33d0hyun)

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access user-sensitive data  
Description: A race condition was addressed with additional validation.  
CVE-2024-23235

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to cause unexpected system termination or  
write kernel memory  
Description: A memory corruption vulnerability was addressed with  
improved locking.  
CVE-2024-23265: Xinru Chi of Pangu Lab

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An attacker with arbitrary kernel read and write capability may  
be able to bypass kernel memory protections. Apple is aware of a report  
that this issue may have been exploited.  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2024-23225

libxpc  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to break out of its sandbox  
Description: The issue was addressed with improved checks.  
CVE-2024-23278: an anonymous researcher

libxpc  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code out of its sandbox  
or with certain elevated privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-0258: ali yabuz

MediaRemote  
Available for: Apple Watch Series 4 and later  
Impact: A malicious application may be able to access private  
information  
Description: The issue was addressed with improved checks.  
CVE-2024-23297: scj643

Messages  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access user-sensitive data  
Description: A privacy issue was addressed with improved handling of  
temporary files.  
CVE-2024-23287: Kirin (@Pwnrin)

RTKit  
Available for: Apple Watch Series 4 and later  
Impact: An attacker with arbitrary kernel read and write capability may  
be able to bypass kernel memory protections. Apple is aware of a report  
that this issue may have been exploited.  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2024-23296

Sandbox  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to leak sensitive user information  
Description: A race condition was addressed with improved state  
handling.  
CVE-2024-23239: Mickey Jin (@patch1t)

Sandbox  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access user-sensitive data  
Description: A logic issue was addressed with improved restrictions.  
CVE-2024-23290: Wojciech Regula of SecuRing (wojciechregula.blog)

Share Sheet  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access user-sensitive data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-23231: Kirin (@Pwnrin) and luckyu (@uuulucky)

Siri  
Available for: Apple Watch Series 4 and later  
Impact: A person with physical access to a device may be able to use  
Siri to access private calendar information  
Description: A lock screen issue was addressed with improved state  
management.  
CVE-2024-23289: Lewis Hardy

Siri  
Available for: Apple Watch Series 4 and later  
Impact: An attacker with physical access may be able to use Siri to  
access sensitive user data  
Description: This issue was addressed through improved state management.  
CVE-2024-23293: Bistrit Dahal

UIKit  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to break out of its sandbox  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2024-23246: Deutsche Telekom Security GmbH sponsored by Bundesamt  
für Sicherheit in der Informationstechnik

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 259694  
CVE-2024-23226: Pwn2car

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: A malicious website may exfiltrate audio data cross-origin  
Description: The issue was addressed with improved UI handling.  
WebKit Bugzilla: 263795  
CVE-2024-23254: James Lee (@Windowsrcer)

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing maliciously crafted web content may prevent Content  
Security Policy from being enforced  
Description: A logic issue was addressed with improved validation.  
WebKit Bugzilla: 264811  
CVE-2024-23263: Johan Carlsson (joaxcar)

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: A maliciously crafted webpage may be able to fingerprint the  
user  
Description: An injection issue was addressed with improved validation.  
WebKit Bugzilla: 266703  
CVE-2024-23280: an anonymous researcher

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing maliciously crafted web content may prevent Content  
Security Policy from being enforced  
Description: A logic issue was addressed with improved state management.  
WebKit Bugzilla: 267241  
CVE-2024-23284: Georg Felber and Marco Squarcina

Additional recognition

CoreAnimation  
We would like to acknowledge Junsung Lee for their assistance.

CoreMotion  
We would like to acknowledge Eric Dorphy of Twin Cities App Dev LLC for  
their assistance.

Find My  
We would like to acknowledge Meng Zhang (鲸落) of NorthSea for their  
assistance.

Kernel  
We would like to acknowledge Tarek Joumaa (@tjkr0wn) for their  
assistance.

libxml2  
We would like to acknowledge OSS-Fuzz, and Ned Williamson of Google  
Project Zero for their assistance.

libxpc  
We would like to acknowledge Rasmus Sten, F-Secure (Mastodon:  
@pajp@blog.dll.nu), and an anonymous researcher for their assistance.

Power Management  
We would like to acknowledge Pan ZhenPeng (@Peterpan0927) of STAR Labs  
SG Pte. Ltd. for their assistance.

Sandbox  
We would like to acknowledge Zhongquan Li (@Guluisacat) for their  
assistance.

Siri  
We would like to acknowledge Bistrit Dahal for their assistance.

Software Update  
We would like to acknowledge Bin Zhang of Dublin City University for  
their assistance.

WebKit  
We would like to acknowledge Nan Wang (@eternalsakura13) of 360  
Vulnerability Research Institute, Valentino Dalla Valle, Pedro Bernardo,  
Marco Squarcina, and Lorenzo Veronese of TU Wien for their assistance.

Instructions on how to update your Apple Watch software are available  
at https://support.apple.com/kb/HT204641  To check the version on  
your Apple Watch, open the Apple Watch app on your iPhone and select  
"My Watch > General > About".  Alternatively, on your watch, select  
"My Watch > General > About".  
All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmXqceUACgkQX+5d1TXa  
IvonOhAAwwl6+Y0b68Rv2candfehqbFS9AF1RoPqGJyBZ+BcPszyPktyhxfBV7jQ  
HRiR/GCFn+m8wFtARsEQ7dqe2me/qW7Gmq7jre5A4oasMNJzSWJ/5y1hcKkbnT2A  
tWYzbqtDTmxwcPgOPEZxmOZr85TRcWcyHqOMFFKXM5iwq6bChItd0q4YqpDKIJqJ  
VvrmxWZ8xEhAqxuWUMDomGEldQB+omlZDdE+Vy6cr+vJRUt9J06GQghZG5lVTQI3  
Bv0wuNhmm0cw9rKOhUeqCwWjjzKqUodz70RgK3ihvlq3348BTNaKVL7rj/Xjla32  
Ov5VUqgPl7TZ+cndITT2XTLD7PV5Jcb5emyQiMlVmUS+gLs0EDcwdelycsZ9BWIy  
lMIqapJojAtaUiMSxgjYiILpNvBpgtgwh7kVNzPh5B740H5GuEF5WTtSDWupJ+/R  
voTF1VIBeG/Q3W63Sg39D909Gw+xoiqtw+EF4E44xrzAnNb6mefbUpNKu9533WcD  
wpJzg0lj0cTHwEvOHMqARVoFGNf8a8awPHzwugiZVuigW7eKjm+iXkhKJRxovi5r  
A2UlktISxWrcJ4jD3BS/MLOtD62IKIH4yWr7TR9Lku3JE7X4TZHzqzcOzPaTTCl7  
NGW88NsCC7F1k2kJltcEXBP4WhkMJNcZzBjJRoahScWUOxNd0FE=  
=6g/T  
-----END PGP SIGNATURE-----

Apple Security Advisory 03-07-2024-5

Apple Security Advisory 03-07-2024-4 - macOS Monterey 12.7.4 addresses buffer overflow, bypass, code execution, and out of bounds write vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4

macOS Monterey 12.7.4 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT214083.

Apple maintains a Security Releases page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Admin Framework  
Available for: macOS Monterey  
Impact: An app may be able to elevate privileges  
Description: A logic issue was addressed with improved checks.  
CVE-2024-23276: Kirin (@Pwnrin)

Airport  
Available for: macOS Monterey  
Impact: An app may be able to read sensitive location information  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-23227: Brian McNulty

AppleMobileFileIntegrity  
Available for: macOS Monterey  
Impact: An app may be able to modify protected parts of the file system  
Description: A downgrade issue affecting Intel-based Mac computers was  
addressed with additional code-signing restrictions.  
CVE-2024-23269: Mickey Jin (@patch1t)

ColorSync  
Available for: macOS Monterey  
Impact: Processing a file may lead to unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23247: m4yfly with TianGong Team of Legendsec at Qi'anxin Group

CoreCrypto  
Available for: macOS Monterey  
Impact: An attacker may be able to decrypt legacy RSA PKCS#1 v1.5  
ciphertexts without having the private key  
Description: A timing side-channel issue was addressed with improvements  
to constant-time computation in cryptographic functions.  
CVE-2024-23218: Clemens Lang

Dock  
Available for: macOS Monterey  
Impact: An app from a standard user account may be able to escalate  
privilege after admin user login  
Description: A logic issue was addressed with improved restrictions.  
CVE-2024-23244: Csaba Fitzl (@theevilbit) of OffSec

Image Processing  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23270: an anonymous researcher

ImageIO  
Available for: macOS Monterey  
Impact: Processing an image may lead to arbitrary code execution  
Description: A buffer overflow issue was addressed with improved memory  
handling.  
CVE-2024-23286: Dohyun Lee (@l33d0hyun)

ImageIO  
Available for: macOS Monterey  
Impact: Processing an image may result in disclosure of process memory  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23257: Junsung Lee working with Trend Micro Zero Day Initiative

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2024-23234: Murray Mike

Kerberos v5 PAM module  
Available for: macOS Monterey  
Impact: An app may be able to modify protected parts of the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-23266: Pedro Tôrres (@t0rr3sp3dr0)

Kernel  
Available for: macOS Monterey  
Impact: An app may be able to cause unexpected system termination or  
write kernel memory  
Description: A memory corruption vulnerability was addressed with  
improved locking.  
CVE-2024-23265: Xinru Chi of Pangu Lab

Kernel  
Available for: macOS Monterey  
Impact: An attacker with arbitrary kernel read and write capability may  
be able to bypass kernel memory protections. Apple is aware of a report  
that this issue may have been exploited.  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2024-23225

libxpc  
Available for: macOS Monterey  
Impact: An app may be able to cause a denial-of-service  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-23201: Koh M. Nakagawa of FFRI Security, Inc. and an anonymous  
researcher

MediaRemote  
Available for: macOS Monterey  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2023-28826: Meng Zhang (鲸落) of NorthSea

Metal  
Available for: macOS Monterey  
Impact: An application may be able to read restricted memory  
Description: A validation issue was addressed with improved input  
sanitization.  
CVE-2024-23264: Meysam Firouzi @R00tkitsmm working with Trend Micro Zero  
Day Initiative

Notes  
Available for: macOS Monterey  
Impact: An app may be able to access user-sensitive data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-23283

PackageKit  
Available for: macOS Monterey  
Impact: An app may be able to elevate privileges  
Description: An injection issue was addressed with improved input  
validation.  
CVE-2024-23274: Bohdan Stasiuk (@Bohdan_Stasiuk)  
CVE-2024-23268: Mickey Jin (@patch1t), and Pedro Tôrres (@t0rr3sp3dr0)

PackageKit  
Available for: macOS Monterey  
Impact: An app may be able to access protected user data  
Description: A race condition was addressed with additional validation.  
CVE-2024-23275: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Monterey  
Impact: An app may be able to bypass certain Privacy preferences  
Description: The issue was addressed with improved checks.  
CVE-2024-23267: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Monterey  
Impact: An app may be able to overwrite arbitrary files  
Description: A path handling issue was addressed with improved  
validation.  
CVE-2024-23216: Pedro Tôrres (@t0rr3sp3dr0)

SharedFileList  
Available for: macOS Monterey  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved file handling.  
CVE-2024-23230: Mickey Jin (@patch1t)

Shortcuts  
Available for: macOS Monterey  
Impact: A shortcut may be able to use sensitive data with certain  
actions without prompting the user  
Description: The issue was addressed with additional permissions checks.  
CVE-2024-23204: Jubaer Alnazi (@h33tjubaer)

Shortcuts  
Available for: macOS Monterey  
Impact: Third-party shortcuts may use a legacy action from Automator to  
send events to apps without user consent  
Description: This issue was addressed by adding an additional prompt for  
user consent.  
CVE-2024-23245: an anonymous researcher

Storage Services  
Available for: macOS Monterey  
Impact: A user may gain access to protected parts of the file system  
Description: A logic issue was addressed with improved checks.  
CVE-2024-23272: Mickey Jin (@patch1t)

macOS Monterey 12.7.4 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmXqccMACgkQX+5d1TXa  
IvoRPw//aOvhmfw+nqXXgAMv5Ptm8/G29gC7vtiS6WVFJsmUEQA5aM5P8KYRT1VP  
UtxDS0ShqKze958tIsiGpOshP7jildMmv52VKLG3HIV8XTTgiSBmO7ODPheGQaaG  
wgUkoZbue7VRSr9UZEm8qbLPdJpCUIbSWJImRbE6k4+Ap1IqRsYVv01gLN9+Ohhw  
tv6ObXbqeKI7EjRcfxqAG/SdehWg2azogMsdrq+wfpaEZG+Fy6B2NPu8AOcKICRQ  
to8JKPWMvtoGjbns5r8OPd9O29z3icsIB8b3qfQZHTc5i/eWi++VoAhLR2lEq8Ts  
hUPbOyf1AU4BeFKCC2MI060lOwK1WE4LRvD/CWv0g02b+yW9lXQ5xTah4+ycYaEp  
vXbxtlp7Da8s0XTDACFVvfMMN7fi3NIBSjwtz6YnqN6cxVnV/re69UYwuT44aJ4s  
UA5NElkhe7NZJ1+QQ5mSws19+PjP7TZpdeaPxxQfr6JN2Mi0a52tCaCmF0gIZHJj  
/HyjQzJHb40w5e4Vqw2r4GxvgZvjmUiW4pvPXgKD+6Ykp+g4lhHldSSFnDakjSy3  
OUM2idhKAHeHdFSm6UEv4ehhJM660DbDRujaZPpVuSKpcqKS79vcjs/gD/EGt/uG  
rhwMQd321+WzaKcGxu0gbAVRMzAtP/yxMEovCU2zFfh3AxbopDg=  
=KbmJ  
-----END PGP SIGNATURE-----

Apple Security Advisory 03-07-2024-4

Red Hat Security Advisory 2024-1323-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Issues addressed include out of bounds write and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1323.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kpatch-patch security update  
Advisory ID:        RHSA-2024:1323-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1323  
Issue date:         2024-03-14  
Revision:           03  
CVE Names:          CVE-2022-42896  
====================================================================

Summary: 

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)

* kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)

* kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896)

* kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-42896

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2147364  
https://bugzilla.redhat.com/show_bug.cgi?id=2192671  
https://bugzilla.redhat.com/show_bug.cgi?id=2244723  
https://bugzilla.redhat.com/show_bug.cgi?id=2245514

Red Hat Security Advisory 2024-1323-03

Red Hat Security Advisory 2024-1321-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug and security fixes. Issues addressed include a remote SQL injection vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1321.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: ACS 4.3 enhancement and security updateAdvisory ID:        RHSA-2024:1321-03Product:            Red Hat Advanced Cluster Security for KubernetesAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1321Issue date:         2024-03-14Revision:           03CVE Names:          CVE-2024-27289====================================================================Summary: Updated images are now available for Red Hat Advanced Cluster Security. Theupdated image includes bug and security fixes.Red Hat Product Security has rated this update as having a security impact ofModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Description:This release of RHACS 4.3.5 provides the following bug fix:* Fixed an issue where an upgrade to RHACS 4.3 from a previous version caused the Central component to enter a crash loop.It provides the following security fixes:* pgx: SQL Injection via Protocol Message Size Overflow (CVE-2024-27304)* pgx: SQL Injection via Line Comment Creation (CVE-2024-27289)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2024-27289References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2268269https://bugzilla.redhat.com/show_bug.cgi?id=2268465https://issues.redhat.com/browse/ROX-23133

Red Hat Security Advisory 2024-1321-03

Red Hat Security Advisory 2024-1315-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1315.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:13 security updateAdvisory ID:        RHSA-2024:1315-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1315Issue date:         2024-03-13Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Red Hat Security Advisory 2024-1315-03

Red Hat Security Advisory 2024-1314-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1314.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:15 security updateAdvisory ID:        RHSA-2024:1314-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1314Issue date:         2024-03-13Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Red Hat Security Advisory 2024-1314-03

GitLab CE/EE versions prior to 16.7.2 suffer from a password reset vulnerability.

Change Mirror Download

    # Exploit Title: GitLab CE/EE < 16.7.2 - Password Reset# Exploit Author: Sebastian Kriesten (0xB455)# Twitter: https://twitter.com/0xB455# Date: 2024-01-12# Vendor Homepage: gitlab.com# Vulnerability disclosure: https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/# Version: <16.7.2, <16.6.4, <16.5.6# CVE: CVE-2023-7028Proof of Concept:user[email][]=valid@email.com&user[email][]=attacker@email.com

GitLab CE/EE Password Reset

Red Hat Security Advisory 2024-1311-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1311.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: .NET 8.0 security updateAdvisory ID:        RHSA-2024:1311-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1311Issue date:         2024-03-13Revision:           03CVE Names:          CVE-2024-21392====================================================================Summary: An update for .NET 8.0 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.103 and .NET Runtime 8.0.3.Security Fix(es):* dotnet: DoS in .NET Core / YARP HTTP / 2 WebSocket support (CVE-2024-21392)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-21392References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2268266

Red Hat Security Advisory 2024-1311-03

Red Hat Security Advisory 2024-1310-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1310.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: .NET 8.0 security updateAdvisory ID:        RHSA-2024:1310-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1310Issue date:         2024-03-13Revision:           03CVE Names:          CVE-2024-21392====================================================================Summary: An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.103 and .NET Runtime 8.0.3.Security Fix(es):* dotnet: DoS in .NET Core / YARP HTTP / 2 WebSocket support (CVE-2024-21392)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-21392References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2268266

Tag

#vulnerability