#ArbitraryCodeExecution

‘NsaRescueAngel’ Backdoor Account Again Discovered in Zyxel Products

June 5, 2024 by Xynik

June 5, 2024 at 08:00AM Taiwan-based networking device manufacturer Zyxel warned of three critical-severity vulnerabilities in discontinued NAS products, allowing command injection and arbitrary code execution without authentication. Despite reaching the end of vulnerability support, patches were made available for impacted products NAS326 and NAS542. Exploitation could lead to persistent root access, requiring immediate firmware … Read more

About the security content of iTunes 12.13.2 for Windows – Apple Support

May 8, 2024 by Xynik

May 8, 2024 at 04:15PM Apple ID: HT214099, released on 2024-05-08, addressed CVE-2024-27793 with improved checks. Impact: Parsing a file may result in an unexpected app termination or arbitrary code execution. Affected product: CoreMedia. Update available for Windows 10 and later. Based on the meeting notes, the key takeaways are: – Apple ID: HT214099 – … Read more

Apple Patches Code Execution Vulnerability in iOS, macOS

March 26, 2024 by Xynik

March 26, 2024 at 08:48AM Apple has issued security updates for iOS and macOS to fix an arbitrary code execution vulnerability affecting CoreMedia and WebRTC components. This issue, also impacting the dav1d AV1 decoder, can lead to memory corruption and arbitrary code execution. The company credited Google Project Zero researcher Nick Galloway for reporting the … Read more

About the security content of macOS Ventura 13.6.6 – Apple Support

March 25, 2024 by Xynik

March 25, 2024 at 01:54PM Summary: Apple released an update on March 25, 2024, addressing CVE-2024-1580, an out-of-bounds write issue impacting CoreMedia and WebRTC on macOS Ventura. The update improves input validation to mitigate the risk of arbitrary code execution when processing images. It appears that there are two security vulnerabilities, both tied to CVE-2024-1580. … Read more

About the security content of macOS Sonoma 14.4.1 – Apple Support

March 25, 2024 by Xynik

March 25, 2024 at 01:54PM Apple has released an update for macOS Sonoma to address out-of-bounds write issues in CoreMedia and WebRTC. The issues were resolved with improved input validation to prevent arbitrary code execution when processing images. CVE-2024-1580 is the identifier for this vulnerability. The meeting notes indicate that there are two issues addressed … Read more

About the security content of visionOS 1.1.1 – Apple Support

March 25, 2024 by Xynik

March 25, 2024 at 01:54PM Summary: Apple released a security update on March 21, 2024 (Apple Id: HT214093) addressing CVE-2024-1580. The update improves input validation to resolve an out-of-bounds write issue that could lead to arbitrary code execution when processing images in CoreMedia and WebRTC. Update available for: Apple Vision Pro. Based on the meeting … Read more

About the security content of iOS 17.4.1 and iPadOS 17.4.1 – Apple Support

March 25, 2024 by Xynik

March 25, 2024 at 01:54PM Summary: Apple released an update addressing an out-of-bounds write issue (CVE-2024-1580) impacting CoreMedia and WebRTC. The update is available for multiple devices including iPhone XS, iPad Pro, iPad Air, and iPad mini. The issue, related to processing images, could lead to arbitrary code execution if not addressed. Based on the … Read more

Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints

March 14, 2024 by Xynik

March 14, 2024 at 07:57AM Akamai issued a warning about a high-severity Kubernetes vulnerability, CVE-2023-5528, affecting default installations. The issue allows arbitrary code execution with System privileges on Windows endpoints when creating a pod with a local volume. Akamai provided a PoC exploit and advised upgrading to Kubernetes version 1.28.4, even for clusters without Windows … Read more

About the security content of GarageBand 10.4.11 – Apple Support

March 12, 2024 by Xynik

March 12, 2024 at 02:21PM Summary: Apple ID HT214090 addresses CVE-2024-23300, a use-after-free issue in GarageBand. The release on 2024-03-12 includes improved memory management to mitigate potential impact. Users of macOS Ventura and macOS Sonoma are advised to install the update to prevent unexpected app termination or arbitrary code execution when processing malicious files. Based … Read more

About the security content of watchOS 10.4 – Apple Support

March 7, 2024 by Xynik

March 7, 2024 at 01:51PM Apple released a security update to address multiple vulnerabilities in various products, including CoreBluetooth, ImageIO, Kernel, libxpc, MediaRemote, Messages, RTKit, Sandbox, Share Sheet, Siri, UIKit, WebKit. The update is available for Apple Watch Series 4 and later. These vulnerabilities may allow various exploits, including access to sensitive user data and … Read more