March 26, 2024 at 08:48AM Apple has issued security updates for iOS and macOS to fix an arbitrary code execution vulnerability affecting CoreMedia and WebRTC components. This issue, also impacting the dav1d AV1 decoder, can lead to memory corruption and arbitrary code execution. The company credited Google Project Zero researcher Nick Galloway for reporting the … Read more
March 25, 2024 at 01:54PM Summary: Apple released an update on March 25, 2024, addressing CVE-2024-1580, an out-of-bounds write issue impacting CoreMedia and WebRTC on macOS Ventura. The update improves input validation to mitigate the risk of arbitrary code execution when processing images. It appears that there are two security vulnerabilities, both tied to CVE-2024-1580. … Read more
March 25, 2024 at 01:54PM Summary: Apple released a security update on March 21, 2024 (Apple Id: HT214093) addressing CVE-2024-1580. The update improves input validation to resolve an out-of-bounds write issue that could lead to arbitrary code execution when processing images in CoreMedia and WebRTC. Update available for: Apple Vision Pro. Based on the meeting … Read more
March 25, 2024 at 01:54PM Summary: Apple released an update addressing an out-of-bounds write issue (CVE-2024-1580) impacting CoreMedia and WebRTC. The update is available for multiple devices including iPhone XS, iPad Pro, iPad Air, and iPad mini. The issue, related to processing images, could lead to arbitrary code execution if not addressed. Based on the … Read more
October 25, 2023 at 02:36PM Summary: Apple has released an update addressing an integer overflow vulnerability that allows apps to execute arbitrary code with kernel privileges. There are reports of active exploitation on iOS versions prior to 15.7. The affected product is the Kernel, and the update is available for several iPhone and iPad models. … Read more