March 25, 2024 at 01:54PM Apple has released an update for macOS Sonoma to address out-of-bounds write issues in CoreMedia and WebRTC. The issues were resolved with improved input validation to prevent arbitrary code execution when processing images. CVE-2024-1580 is the identifier for this vulnerability. The meeting notes indicate that there are two issues addressed … Read more
March 25, 2024 at 01:54PM Summary: Apple released a security update on March 21, 2024 (Apple Id: HT214093) addressing CVE-2024-1580. The update improves input validation to resolve an out-of-bounds write issue that could lead to arbitrary code execution when processing images in CoreMedia and WebRTC. Update available for: Apple Vision Pro. Based on the meeting … Read more
March 25, 2024 at 01:54PM Summary: Apple released an update addressing an out-of-bounds write issue (CVE-2024-1580) impacting CoreMedia and WebRTC. The update is available for multiple devices including iPhone XS, iPad Pro, iPad Air, and iPad mini. The issue, related to processing images, could lead to arbitrary code execution if not addressed. Based on the … Read more
March 14, 2024 at 07:57AM Akamai issued a warning about a high-severity Kubernetes vulnerability, CVE-2023-5528, affecting default installations. The issue allows arbitrary code execution with System privileges on Windows endpoints when creating a pod with a local volume. Akamai provided a PoC exploit and advised upgrading to Kubernetes version 1.28.4, even for clusters without Windows … Read more
March 12, 2024 at 02:21PM Summary: Apple ID HT214090 addresses CVE-2024-23300, a use-after-free issue in GarageBand. The release on 2024-03-12 includes improved memory management to mitigate potential impact. Users of macOS Ventura and macOS Sonoma are advised to install the update to prevent unexpected app termination or arbitrary code execution when processing malicious files. Based … Read more
March 7, 2024 at 01:51PM Apple released a security update to address multiple vulnerabilities in various products, including CoreBluetooth, ImageIO, Kernel, libxpc, MediaRemote, Messages, RTKit, Sandbox, Share Sheet, Siri, UIKit, WebKit. The update is available for Apple Watch Series 4 and later. These vulnerabilities may allow various exploits, including access to sensitive user data and … Read more
January 31, 2024 at 01:34PM Summary: Apple released an update on January 31, 2024, addressing CVE-2024-23222, a type confusion issue in WebKit. The update includes improved checks to prevent arbitrary code execution from malicious web content. Apple is investigating reports of potential exploitation and has made the update available for Apple Vision Pro. Based on … Read more
January 22, 2024 at 01:42PM Summary: Multiple CVEs are addressed, including memory handling, timing side-channel issues, redaction of sensitive information, and improved handling of files. Updates are available for various products, such as Apple Neural Engine, CoreCrypto, Kernel, Mail Search, NSSpellChecker, etc., impacting devices like iPhone XS and later, iPad Pro, and more. From the … Read more
December 11, 2023 at 04:21PM Summary: Apple has released updates for macOS Monterey and macOS Ventura to address security vulnerabilities in WebKit. The vulnerabilities could lead to arbitrary code execution when processing web content (CVE-2023-42890) and denial-of-service when processing an image (CVE-2023-42883). The issues were resolved with improved memory handling. Based on the meeting notes, … Read more
December 11, 2023 at 01:45PM Several security vulnerabilities have been addressed in Apple’s products, including issues with sensitive data redaction, memory handling, and potential code execution. Demonstrating a wide-reaching impact, vulnerabilities affect various products such as Accounts, AVEVideoEncoder, Find My, ImageIO, Kernel, and WebKit for specific Apple devices. Updates are available for relevant device models. … Read more