Apple Security Advisory 10-29-2024-1 - Safari 18.1 addresses an information leakage vulnerability.
0dd01065224021561e127b177e2c1247b87c84d4c78ddb4a6c229ce1b1475210Apple Security Advisory 10-28-2024-8 - visionOS 2.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
4a4d19451dcec351f697ed0716c2eb721eb13541df88e0e1b4b92f6f69c1f33aApple Security Advisory 10-28-2024-7 - tvOS 18.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
4dbe9b15531204c936e91b6526bc21fb2f9cae885c9e0692664d45d67f54933aApple Security Advisory 10-28-2024-6 - watchOS 11.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
525b4bdbe8cdfa817c5c7864cc44239e85f0ca6c2db97e406168b72347cf65ddApple Security Advisory 10-28-2024-5 - macOS Ventura 13.7.1 addresses bypass, information leakage, out of bounds access, out of bounds read, and out of bounds write vulnerabilities.
f6b8a6a11547a7ea1e34705f88f7b9e7a85e42d1e109ba73e3e767bae2914badApple Security Advisory 10-28-2024-4 - macOS Sonoma 14.7.1 addresses buffer overflow, bypass, information leakage, out of bounds access, out of bounds read, and out of bounds write vulnerabilities.
46109958546ee7aede47d47158c9f7c7b0bae37261b03c0409dd13eb565c77e5Apple Security Advisory 10-28-2024-3 - macOS Sequoia 15.1 addresses bypass, information leakage, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
d5dbf0c65f72566b9be057760bac7a73e25237374e8c784ff7de9d54c776e93cApple Security Advisory 10-28-2024-2 - iOS 17.7.1 and iPadOS 17.7.1 addresses buffer overflow, information leakage, and out of bounds read vulnerabilities.
199f9a81e47da6d8a1755b0ad00579bb1352d7270a5b119f9c6e9e141053ef60Apple Security Advisory 10-28-2024-1 - iOS 18.1 and iPadOS 18.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
58ebd9a8848273bbaf0756f4668c6c27304a6f655c30a087d66ed0abfba7c73eApple Security Advisory 10-03-2024-1 - iOS 18.0.1 and iPadOS 18.0.1 addresses an audio capturing issue and a logic issue related to passwords being read aloud.
7a39384feb5bf0709416f2a6a7dffb70b4e36d44e2e371744db1d68be2719b3cThis is a thorough write up of how to exploit a local privilege escalation vulnerability in iTunes for Windows version 12.13.2.3. Apple fixed this in version 12.13.3.
d695b4f1b1028346552105f4ee8239edee8add156e7b797895b5d5337070f75fA mitigation bypass / privilege escalation flaw has been discovered in Apple's iOS Screen Time functionality, granting one access to modify the restrictions. It allows a local attacker to acquire the Screen Time Passcode by bypassing the anti-bruteforce protections on the four-digit Passcode, and in consequence gaining total control over Screen Time (Parental Control) settings. Versions lower than 18 are affected.
75666d1dc71fb63eadc1180b8fde8bebebfa673977a37f948bb5e8bd009bd6f8Apple Security Advisory 09-16-2024-10 - macOS Ventura 13.7 addresses buffer overflow, bypass, out of bounds access, out of bounds read, and spoofing vulnerabilities.
83bec15ab00978bb0f11e5f9e97e565cb578510b79514deba529887e8947a015Apple Security Advisory 09-16-2024-9 - macOS Sonoma 14.7 addresses buffer overflow, bypass, out of bounds access, out of bounds read, out of bounds write, and spoofing vulnerabilities.
8c7c598c2151ce639d355f21defbebd09be8b2089b0d7ca88eaa2eab7d02cc0aApple Security Advisory 09-16-2024-8 - iOS 17.7 and iPadOS 17.7 addresses bypass, out of bounds access, and out of bounds read vulnerabilities.
4993b0fd28e2f9894d9a7a6b11b76fd5ab68a695255e84e47ffc88d2865ddeafApple Security Advisory 09-16-2024-7 - Xcode 16 addresses unauthorized access issues.
a9f654caa833e22ec318c428a9c9ddca09390fb9d6b6567f2484d2d566bdb417Apple Security Advisory 09-16-2024-6 - Safari 18 addresses cross site scripting and spoofing vulnerabilities.
8565030c81e5697f1f766f9a15d6dc4896c79e31fa63809ae8174b258ad1dd69Apple Security Advisory 09-16-2024-5 - visionOS 2 addresses cross site scripting, integer overflow, out of bounds access, and out of bounds read vulnerabilities.
c33139a06c51eeb99d320b409bf3dff9bf4f6d249df655edcfd84eafd70434a2Apple Security Advisory 09-16-2024-4 - watchOS 11 addresses cross site scripting, integer overflow, out of bounds access, and out of bounds read vulnerabilities.
cc37085fe262bc1e832562736dee07e94a59cea8867890657c7639a8a8399592Apple Security Advisory 09-16-2024-3 - tvOS 18 addresses cross site scripting, integer overflow, out of bounds access, and out of bounds read vulnerabilities.
c843d6fa186a698c1ffac01558f67ac6e0b1a38e1a1b300aaa7215b653a61d6fApple Security Advisory 09-16-2024-2 - macOS Sequoia 15 addresses buffer overflow, bypass, cross site scripting, integer overflow, out of bounds access, out of bounds read, out of bounds write, and spoofing vulnerabilities.
11e0895c93cecb300d8a33d6e28f17812bc77aab5debcbcbe16f0a04cf9334cbApple Security Advisory 09-16-2024-1 - iOS 18 and iPadOS 18 addresses bypass, cross site scripting, integer overflow, out of bounds access, and out of bounds read vulnerabilities.
fa8e9aa24c477ac62dac02f1d7ffb2d3727adf70a3fa512f104f0036e314d08eThis Metasploit module can be used to read the stored password of a vulnerable Apple Airport Extreme access point. Only a small number of firmware versions have the WDBRPC service running, however the factory configuration was vulnerable. It appears that firmware versions 5.0.x as well as 5.1.x are susceptible to this issue. Once the password is obtained, the access point can be managed using the Apple AirPort utility.
2fd6adb947740556bec13b31bd6224dcc19a86dab49c5a548ca5ac8935074e42This Metasploit module abuses an XSS vulnerability in versions prior to Firefox 39.0.3, Firefox ESR 38.1.1, and Firefox OS 2.2 that allows arbitrary files to be stolen. The vulnerability occurs in the PDF.js component, which uses Javascript to render a PDF inside a frame with privileges to read local files. The in-the-wild malicious payloads searched for sensitive files on Windows, Linux, and OSX. Android versions are reported to be unaffected, as they do not use the Mozilla PDF viewer.
51c57f3920e9435bf62bbd93f1635f5a4935408c0f9db23d25b25d8babebaaeeA vulnerability exists in versions of OSX, iOS, and Windows Safari released before April 8, 2015 that allows the non-HTTPOnly cookies of any domain to be stolen.
4a33fb3750429fbc48b60b65f9266ada10b36414af7a3f3d44b49aac0e5a6e4f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed