#ArbitraryCodeExecution

About the security content of macOS Sonoma 14.2 – Apple Support

by

December 11, 2023 at 01:45PM Summary: Various CVEs were addressed with updates for macOS Sonoma, addressing issues such as secure text field display, privacy issues, memory corruption, logic issues, and improved memory handling. Impact includes app termination, arbitrary code execution, sensitive data access, and denial-of-service. Affected products include Accessibility, Accounts, AppleGraphicsControl, and others. From the … Read more

About the security content of macOS Ventura 13.6.3 – Apple Support

by

December 11, 2023 at 01:45PM Summary: Apple has addressed various security issues with improved redaction, memory handling, and logic checks in macOS Ventura. The updates aim to prevent unauthorized access to sensitive user data across products like Accounts, AppleEvents, CoreServices, and more. Additionally, upgrades for specific applications like Vim and ncurses are available to mitigate … Read more

About the security content of watchOS 10.2 – Apple Support

by

December 11, 2023 at 01:45PM Several privacy and security issues were addressed in the release of Apple’s software update, including improved data redaction, memory handling, and input validation. These updates apply to various products and address potential impacts such as unauthorized access to sensitive data, arbitrary code execution, and denial-of-service. Update is available for Apple … Read more

Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover

by

November 2, 2023 at 05:30AM Researchers have discovered that up to 34 different Windows drivers could be exploited by threat actors without privileged access to gain control of devices and execute arbitrary code. Exploiting these drivers could allow attackers to erase or alter firmware and elevate privileges. The vulnerabilities have been identified in drivers including … Read more

Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution

by

November 1, 2023 at 08:49AM Threat actors are continuously publishing malicious NuGet packages as part of an ongoing campaign, exploiting code execution capabilities. The campaign, which began in August, has seen hundreds of malicious packages placed in the NuGet repository. The threat actors adapt their tactics, utilizing typosquatting and placing malicious functionality in .targets files … Read more

Apple drops urgent patch against obtuse TriangleDB iPhone malware

by

October 26, 2023 at 05:22PM Apple released a security update to fix a vulnerability, tracked as CVE-2023-32434, that has already been exploited by cyber snoops. This flaw allowed the execution of arbitrary code with kernel privileges. It is the second patch issued by Apple to address this vulnerability. Kaspersky researchers discovered the bug and reported … Read more

About the security content of iOS 17.1 and iPadOS 17.1 – Apple Support

by

October 25, 2023 at 02:36PM Summary: Apple has released a security update addressing multiple vulnerabilities in various products. The issues include privacy concerns, memory handling improvements, authentication and UI issues, and potential arbitrary code execution. Affected products include Contacts, CoreAnimation, Find My, ImageIO, IOTextEncryptionFamily, Kernel, Mail Drafts, mDNSResponder, Passkeys, Photos, Pro Res, Siri, Status Bar, … Read more

About the security content of macOS Monterey 12.7.1 – Apple Support

by

October 25, 2023 at 02:36PM There are multiple updates available for macOS Monterey addressing various security issues. These include improved memory handling, removal of vulnerable code, and improved handling of caches and symlinks. The updates address issues related to denial-of-service attacks, sensitive information access, arbitrary code execution, and privacy concerns. Affected products include CoreAnimation, FileProvider, … Read more

About the security content of Safari 17.1 – Apple Support

by

October 25, 2023 at 02:36PM Summary: Apple has addressed several security vulnerabilities in the WebKit software. These issues could potentially lead to arbitrary code execution or denial-of-service attacks when processing web content. Updates are available for macOS Monterey and macOS Ventura. Here are the key takeaways from the meeting notes: 1. Apple has released an … Read more

About the security content of iOS 15.8 and iPadOS 15.8 – Apple Support

by

October 25, 2023 at 02:36PM Summary: Apple has released an update addressing an integer overflow vulnerability that allows apps to execute arbitrary code with kernel privileges. There are reports of active exploitation on iOS versions prior to 15.7. The affected product is the Kernel, and the update is available for several iPhone and iPad models. … Read more