Apple Security Advisory 2023-03-27-2 - iOS 15.7.4 and iPadOS 15.7.4 address code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2023-03-27-1 - iOS 16.4 and iPadOS 16.4 address buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Ubuntu Security Notice 5958-1 - It was discovered that FFmpeg could be made to dereference a null pointer. An attacker could possibly use this to cause a denial of service via application crash. These issues only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that FFmpeg could be made to access an out-of-bounds frame by the Apple RPZA encoder. An attacker could possibly use this to cause a denial of service via application crash or access sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.10.
Debian Linux Security Advisory 5352-1 - An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Debian Linux Security Advisory 5351-1 - An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Apple Security Advisory 2023-02-13-3 - Safari 16.3.1 addresses a code execution vulnerability.
Apple Security Advisory 2023-02-13-2 - macOS Ventura 13.2.1 addresses code execution and use-after-free vulnerabilities.
Apple Security Advisory 2023-02-13-1 - iOS 16.3.1 and iPadOS 16.3.1 address code execution and use-after-free vulnerabilities.
Apple Security Advisory 2023-01-24-1 - tvOS 16.3 addresses bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-23-8 - Safari 16.3 addresses code execution vulnerabilities.
Apple Security Advisory 2023-01-23-7 - watchOS 9.3 addresses bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-23-6 - macOS Big Sur 11.7.3 addresses buffer overflow, bypass, and code execution vulnerabilities.
Apple Security Advisory 2023-01-23-5 - macOS Monterey 12.6.3 addresses buffer overflow, bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-23-4 - macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities.
Apple Security Advisory 2023-01-23-3 - iOS 12.5.7 addresses a code execution vulnerability.
Apple Security Advisory 2023-01-23-2 - iOS 15.7.3 and iPadOS 15.7.3 address bypass and code execution vulnerabilities.
Apple Security Advisory 2023-01-23-1 - iOS 16.3 and iPadOS 16.3 address bypass, code execution, and information leakage vulnerabilities.
On newer macOS/iOS versions, entitlements in binary signature blobs are stored in the DER format. libCoreEntitlements.dylib is the userspace library for parsing and querying such entitlements. The kernel has its own version of this library inside the AppleMobileFileIntegrity module. libCoreEntitlements exposes several functions, for example to convert entitlements to a dictionary representation (e.g. CEQueryContextToCFDictionary) or to query a specific entitlement (CEContextQuery). Unfortunately, different functions traverse the DER structure in subtly different ways, which allows one API to see one set of entitlements and another API to see a different set of entitlements.
Apple Security Advisory 2022-12-13-9 - Safari 16.2 addresses bypass, code execution, and use-after-free vulnerabilities.
Apple Security Advisory 2022-12-13-8 - watchOS 9.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.
Apple Security Advisory 2022-12-13-7 - tvOS 16.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.
Apple Security Advisory 2022-12-13-6 - macOS Big Sur 11.7.2 addresses bypass, code execution, and integer overflow vulnerabilities.
Apple Security Advisory 2022-12-13-5 - macOS Monterey 12.6.2 addresses bypass, code execution, and integer overflow vulnerabilities.
Apple Security Advisory 2022-12-13-4 - macOS Ventura 13.1 addresses bypass, code execution, out of bounds access, out of bounds write, spoofing, and use-after-free vulnerabilities.
Apple Security Advisory 2022-12-13-3 - iOS 16.1.2 addresses a code execution vulnerability.