About the security content of macOS Monterey 12.7.5 – Apple Support

May 13, 2024 at 01:45PM Summary: Apple released updates for macOS Monterey to address two security vulnerabilities (CVE-2024-23229 and CVE-2024-27789). The updates improved redaction of sensitive information in Find My, and addressed a logic issue in Foundation that could allow an app to access user-sensitive data. From the meeting notes, the following key takeaways can …

About the security content of macOS Ventura 13.6.7 – Apple Support

May 13, 2024 at 01:45PM Summary: Apple released updates for macOS Ventura to address logic and memory corruption issues, impacting Foundation, Login Window, and RTKit. The vulnerabilities could lead to unauthorized data access and bypassing of kernel memory protections. The updates aim to improve checks, state management, and validation to mitigate potential risks. From the …

About the security content of iTunes 12.13.2 for Windows – Apple Support

May 8, 2024 at 04:15PM Apple ID: HT214099, released on 2024-05-08, addressed CVE-2024-27793 with improved checks. Impact: Parsing a file may result in an unexpected app termination or arbitrary code execution. Affected product: CoreMedia. Update available for Windows 10 and later. Based on the meeting notes, the key takeaways are: – Apple ID: HT214099 – …

About the security content of macOS Ventura 13.6.6 – Apple Support

March 25, 2024 at 01:54PM Summary: Apple released an update on March 25, 2024, addressing CVE-2024-1580, an out-of-bounds write issue impacting CoreMedia and WebRTC on macOS Ventura. The update improves input validation to mitigate the risk of arbitrary code execution when processing images. It appears that there are two security vulnerabilities, both tied to CVE-2024-1580. …

About the security content of macOS Sonoma 14.4.1 – Apple Support

March 25, 2024 at 01:54PM Apple has released an update for macOS Sonoma to address out-of-bounds write issues in CoreMedia and WebRTC. The issues were resolved with improved input validation to prevent arbitrary code execution when processing images. CVE-2024-1580 is the identifier for this vulnerability. The meeting notes indicate that there are two issues addressed …

About the security content of iOS 17.4.1 and iPadOS 17.4.1 – Apple Support

March 25, 2024 at 01:54PM Summary: Apple released an update addressing an out-of-bounds write issue (CVE-2024-1580) impacting CoreMedia and WebRTC. The update is available for multiple devices including iPhone XS, iPad Pro, iPad Air, and iPad mini. The issue, related to processing images, could lead to arbitrary code execution if not addressed. Based on the …

About the security content of Xcode 15.3 – Apple Support

March 15, 2024 at 03:42PM Summary: Apple has released an update for Xcode due to a logic issue (CVE-2024-23298) that could allow an app to bypass Gatekeeper checks. The update, available for macOS Sonoma 14 and later, addresses the issue with improved state management. Release date: 2024-03-05. Apple ID: HT214092. After reviewing the meeting …

About the security content of iTunes 12.13.1 for Windows – Apple Support

March 14, 2024 at 02:54PM Summary: Apple ID HT214091 released an update on December 14, 2023, addressing CVE-2023-42938, a logic issue, with improved checks. The impact is that a local attacker may elevate their privileges. The affected product is the Mobile Device Service, with the update available for Windows 10 and later. Based on the …

About the security content of GarageBand 10.4.11 – Apple Support

March 12, 2024 at 02:21PM Summary: Apple ID HT214090 addresses CVE-2024-23300, a use-after-free issue in GarageBand. The release on 2024-03-12 includes improved memory management to mitigate potential impact. Users of macOS Ventura and macOS Sonoma are advised to install the update to prevent unexpected app termination or arbitrary code execution when processing malicious files. Based …

About the security content of Safari 17.4 – Apple Support

March 7, 2024 at 02:15PM Summary: Multiple security issues (CVE-2024-23273, 23252, 23254, 23263, 23280, 23284) were addressed with improved state management, memory handling, UI handling, and validation in WebKit. These issues impact Safari Private Browsing and could result in unauthorized access to private tabs, denial-of-service, audio data exfiltration, and user fingerprinting. Updates are available for …