Security News

APPLE-SA-12-11-2024-9 Safari 18.2

Full Disclosure - 12 December, 2024 - 15:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-9 Safari 18.2

Safari 18.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121846.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Safari
Available for: macOS Ventura and macOS Sonoma
Impact: On a device with Private Relay enabled, adding a website to the
Safari...

APPLE-SA-12-11-2024-8 visionOS 2.2

Full Disclosure - 12 December, 2024 - 15:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-8 visionOS 2.2

visionOS 2.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121845.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Crash Reporter
Available for: Apple Vision Pro
Impact: An app may be able to access sensitive user data
Description: A permissions...

APPLE-SA-12-11-2024-7 tvOS 18.2

Full Disclosure - 12 December, 2024 - 15:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-7 tvOS 18.2

tvOS 18.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121844.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: A malicious app may be able to access private...

APPLE-SA-12-11-2024-6 watchOS 11.2

Full Disclosure - 12 December, 2024 - 15:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-6 watchOS 11.2

watchOS 11.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121843.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: Apple Watch Series 6 and later
Impact: A malicious app may be able to access private...

APPLE-SA-12-11-2024-5 macOS Ventura 13.7.2

Full Disclosure - 12 December, 2024 - 15:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-5 macOS Ventura 13.7.2

macOS Ventura 13.7.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121842.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Apple Software Restore
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data...

APPLE-SA-12-11-2024-4 macOS Sonoma 14.7.2

Full Disclosure - 12 December, 2024 - 15:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-4 macOS Sonoma 14.7.2

macOS Sonoma 14.7.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121840.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Apple Software Restore
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description:...

APPLE-SA-12-11-2024-3 macOS Sequoia 15.2

Full Disclosure - 12 December, 2024 - 15:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-3 macOS Sequoia 15.2

macOS Sequoia 15.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121839.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Apple Software Restore
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description:...

APPLE-SA-12-11-2024-2 iPadOS 17.7.3

Full Disclosure - 12 December, 2024 - 15:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-2 iPadOS 17.7.3

iPadOS 17.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121838.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
and iPad 6th generation
Impact: Processing a...

APPLE-SA-12-11-2024-1 iOS 18.2 and iPadOS 18.2

Full Disclosure - 12 December, 2024 - 15:40

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2024-1 iOS 18.2 and iPadOS 18.2

iOS 18.2 and iPadOS 18.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121837.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd...

SEC Consult SA-20241211-0 :: Reflected Cross-Site Scripting in Numerix License Server Administration System Login

Full Disclosure - 12 December, 2024 - 15:40

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Dec 12

SEC Consult Vulnerability Lab Security Advisory < 20241211-0 >
=======================================================================
title: Reflected Cross-Site Scripting
product: Numerix License Server Administration System Login
vulnerable version: 1.1_596
fixed version: -
CVE number: CVE-2024-50585
impact: medium
homepage: https://connect.numerix.com/nlslogin.jsp...

St. Poelten UAS | Multiple Vulnerabilities in ORing IAP

Full Disclosure - 12 December, 2024 - 15:39

Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 12

St. Pölten UAS 20241209-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities in ORing IAP
product| ORing IAP-420
vulnerable version| 2.01e
fixed version| -
CVE number| CVE-2024-55544, CVE-2024-55545, CVE-2024-55546,
| CVE-2024-55547, CVE-2024-55548
impact| High
homepage|...

SEC Consult SA-20241204-0 :: Multiple Critical Vulnerabilities in Image Access Scan2Net (14 CVE)

Full Disclosure - 4 December, 2024 - 23:26

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Dec 04

SEC Consult Vulnerability Lab Security Advisory < 20241204-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Image Access Scan2Net
vulnerable version: Firmware <=7.40, <=7.42, <7.42B
(depending on the vulnerability)
fixed version: mostly fixed in v7.42B
CVE number: CVE-2024-28138,...

Microsoft Warbird and PMP security research - technical doc

Full Disclosure - 3 December, 2024 - 04:10

Posted by Security Explorations on Dec 03

Hello All,

We have released a technical document pertaining to our Warbird / PMP security
research. It is available for download from this location:

https://security-explorations.com/materials/wbpmp_doc.md.txt

The document provides a more in-depth technical explanation, illustration and
verification of discovered attacks affecting PlayReady on Windows 10 / 11 x64
and pertaining to the following in particular:
- Warbird deficiencies
- content...

Access Control in Paxton Net2 software

Full Disclosure - 2 December, 2024 - 23:37

Posted by Jeroen Hermans via Fulldisclosure on Dec 02

CloudAware Security Advisory

[CVE pending]: Potential PII leak and incorrect access control in Paxton
Net2 software

========================================================================
Summary
========================================================================
Insecure backend database in the Paxton Net2 software. Possible leaking
of PII incorrect access control.
No physical access to computer running Paxton Net2 is required....

SEC Consult SA-20241127-0 :: Stored Cross-Site Scripting in Omada Identity (CVE-2024-52951)

Full Disclosure - 27 November, 2024 - 13:58

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Nov 27

SEC Consult Vulnerability Lab Security Advisory < 20241127-0 >
=======================================================================
title: Stored Cross-Site Scripting
product: Omada Identity
vulnerable version: <v15U1, <v14.14 hotfix #309
fixed version: v15U1, v14.14 hotfix #309
CVE number: CVE-2024-52951
impact: Medium
homepage:...

SEC Consult SA-20241125-0 :: Unlocked JTAG interface and buffer overflow in Siemens SM-2558 Protocol Element, Siemens CP-2016 & CP-2019

Full Disclosure - 27 November, 2024 - 13:58

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Nov 27

SEC Consult Vulnerability Lab Security Advisory < 20241125-0 >
=======================================================================
title: Unlocked JTAG interface and buffer overflow
product: Siemens SM-2558 Protocol Element (extension module for
Siemens SICAM AK3/TM/BC),
Siemens CP-2016 & CP-2019
vulnerable version: JTAG: Unknown HW revision, Zynq Firmware...

Re: Local Privilege Escalations in needrestart

Full Disclosure - 27 November, 2024 - 13:57

Posted by Mark Esler on Nov 27

The security fix for CVE-2024-48991, 6ce6136 (“core: prevent race
condition on /proc/$PID/exec evaluation”) [0], introduced a regression
which was subsequently fixed 42af5d3 ("core: fix regression of false
positives for processes running in chroot or mountns (#317)") [1].

Many thanks to Ivan Kurnosov and Salvatore Bonaccorso for their review.

[0] https://github.com/liske/needrestart/commit/6ce6136cccc307c6b8a0f8cae12f9a22ac2aad59...

APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1

Full Disclosure - 21 November, 2024 - 14:31

Posted by Apple Product Security via Fulldisclosure on Nov 21

APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1

macOS Sequoia 15.1.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121753.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

JavaScriptCore
Available for: macOS Sequoia
Impact: Processing maliciously crafted web content may lead to arbitrary...

Local Privilege Escalations in needrestart

Full Disclosure - 21 November, 2024 - 14:31

Posted by Qualys Security Advisory via Fulldisclosure on Nov 21

Qualys Security Advisory

LPEs in needrestart (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992,
CVE-2024-10224, and CVE-2024-11003)

========================================================================
Contents
========================================================================

Summary
Background
CVE-2024-48990 (and CVE-2024-48992)
CVE-2024-48991
CVE-2024-10224 (and CVE-2024-11003)
Mitigation
Acknowledgments
Timeline

I got bugs...

APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2

Full Disclosure - 21 November, 2024 - 14:31

Posted by Apple Product Security via Fulldisclosure on Nov 21

APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2

iOS 17.7.2 and iPadOS 17.7.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121754.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

JavaScriptCore
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
2nd generation...
Syndicate content