About the security content of iOS 17.1 and iPadOS 17.1 – Apple Support

October 25, 2023 at 02:36PM Summary: Apple has released a security update addressing multiple vulnerabilities in various products. The issues include privacy concerns, memory handling improvements, authentication and UI issues, and potential arbitrary code execution. Affected products include Contacts, CoreAnimation, Find My, ImageIO, IOTextEncryptionFamily, Kernel, Mail Drafts, mDNSResponder, Passkeys, Photos, Pro Res, Siri, Status Bar, …

About the security content of macOS Monterey 12.7.1 – Apple Support

October 25, 2023 at 02:36PM There are multiple updates available for macOS Monterey addressing various security issues. These include improved memory handling, removal of vulnerable code, and improved handling of caches and symlinks. The updates address issues related to denial-of-service attacks, sensitive information access, arbitrary code execution, and privacy concerns. Affected products include CoreAnimation, FileProvider, …

About the security content of Safari 17.1 – Apple Support

October 25, 2023 at 02:36PM Summary: Apple has addressed several security vulnerabilities in the WebKit software. These issues could potentially lead to arbitrary code execution or denial-of-service attacks when processing web content. Updates are available for macOS Monterey and macOS Ventura. …

About the security content of iOS 15.8 and iPadOS 15.8 – Apple Support

October 25, 2023 at 02:36PM Summary: Apple has released an update addressing an integer overflow vulnerability that allows apps to execute arbitrary code with kernel privileges. There are reports of active exploitation on iOS versions prior to 15.7. The affected product is the Kernel, and the update is available for several iPhone and iPad models. …

Critical RCE flaws found in SolarWinds access audit solution

October 20, 2023 at 11:06AM Researchers discovered three critical remote code execution vulnerabilities in SolarWinds Access Rights Manager (ARM), allowing attackers to run code with SYSTEM privileges. SolarWinds ARM helps organizations manage and audit user access rights. The vendor promptly released a patch in version 2023.2.1 of the system. The vulnerabilities’ severity ratings are all …

Zero-Day Alert: Ten Thousand Cisco IOS XE Systems Now Compromised

October 17, 2023 at 03:19PM Thousands of Internet-exposed Cisco IOS XE devices have been infected by a threat actor exploiting an unpatched vulnerability. Cisco has disclosed the flaw, which allows arbitrary code execution, with a severity rating of 10 out of 10. The attacks have a global footprint and the compromised systems all have …

Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure

October 13, 2023 at 06:18AM Dozens of vulnerabilities in the Squid caching and forwarding web proxy, discovered in 2021 by researcher Joshua Rogers, remain unpatched. Only a few flaws have been addressed, while 35 vulnerabilities still exist. The Squid Team lacks resources to address the issues, and the researcher suggests reassessing the use of Squid …