About the security content of Safari 17.5 – Apple Support

October 15, 2024 at 02:27PM

Apple has released updates for Safari 17.5 on macOS Monterey and Ventura to address multiple vulnerabilities (CVE-2024-27808, CVE-2024-27830, etc.), fixed primarily through integer-overflow checks and improved input validation. These issues could lead to arbitrary code execution and user fingerprinting from malicious web content.

### Meeting Takeaways
**Apple ID**: 120896 **Release …

About the security content of iOS 16.7.9 and iPadOS 16.7.9 – Apple Support

October 15, 2024 at 02:09PM

Apple’s iOS 16.7.9 and iPadOS 16.7.9 address multiple vulnerabilities, including out-of-bounds reads, integer overflows, privacy issues, and cross-site scripting risks. Affected devices include iPhone 8, 8 Plus, X, and various iPad models. Updates are available to enhance security and prevent potential exploits from malicious content.

### Meeting Takeaways
**Release Information:** …

About the security content of visionOS 1.2 – Apple Support

October 15, 2024 at 02:09PM

Apple has released updates for visionOS 1.2 to address multiple vulnerabilities (CVE-2024-27800 to CVE-2024-27884). The issues include arbitrary code execution, privilege escalation, and app termination; the fixes consist of improved input validation and memory handling. Updates are available for Apple Vision Pro, released on June 10, 2024.

### Meeting Takeaways
#### Overview
The …

About the security content of Apple TV 1.5.0.152 for Windows – Apple Support

October 13, 2024 at 02:30PM

A stack buffer overflow vulnerability (CVE-2024-44157) in Apple TV 1.5.0.152 for Windows was fixed with better input validation. Parsing a malicious video file could cause system termination. The update is available for Windows 10 version 22H2 and later, released on October 3, 2024.

### Meeting Notes Takeaways
– **Apple ID**: …

About the security content of tvOS 18 – Apple Support

October 13, 2024 at 02:30PM

A security update for tvOS 18, available for Apple TV HD and 4K models, addresses multiple CVEs, including input validation and integrity issues, which could lead to app termination, denial of service, unauthorized Bluetooth access, cross-site scripting, and data exfiltration. Release date is September 16, 2024.

### Meeting Takeaways
**Release Information:** …

CISA urges software devs to weed out XSS vulnerabilities

September 17, 2024 at 12:46PM

CISA and the FBI advised technology manufacturers to review software for cross-site scripting vulnerabilities before shipping and implement secure-by-design practices to eliminate such flaws entirely. They recommended input validation, output encoding functions, code reviews, and adversarial testing to prevent XSS vulnerabilities in future software releases. This warning is part of …

Apple Patches Code Execution Vulnerability in iOS, macOS

March 26, 2024 at 08:48AM

Apple has issued security updates for iOS and macOS to fix an arbitrary code execution vulnerability affecting CoreMedia and WebRTC components. This issue, also impacting the dav1d AV1 decoder, can lead to memory corruption and arbitrary code execution. The company credited Google Project Zero researcher Nick Galloway for reporting the …

About the security content of macOS Ventura 13.6.6 – Apple Support

March 25, 2024 at 01:54PM

Summary: Apple released an update on March 25, 2024, addressing CVE-2024-1580, an out-of-bounds write issue impacting CoreMedia and WebRTC on macOS Ventura. The update improves input validation to mitigate the risk of arbitrary code execution when processing images. It appears that there are two security vulnerabilities, both tied to CVE-2024-1580. …

About the security content of visionOS 1.1.1 – Apple Support

March 25, 2024 at 01:54PM

Summary: Apple released a security update on March 21, 2024 (Apple ID: HT214093) addressing CVE-2024-1580. The update improves input validation to resolve an out-of-bounds write issue that could lead to arbitrary code execution when processing images in CoreMedia and WebRTC. Update available for: Apple Vision Pro. Based on the meeting …

About the security content of iOS 17.4.1 and iPadOS 17.4.1 – Apple Support

March 25, 2024 at 01:54PM

Summary: Apple released an update addressing an out-of-bounds write issue (CVE-2024-1580) impacting CoreMedia and WebRTC. The update is available for multiple devices including iPhone XS, iPad Pro, iPad Air, and iPad mini. The issue, related to processing images, could lead to arbitrary code execution if not addressed. Based on the …