May 13, 2024 at 01:45PM Apple released updates addressing CVE-2024-27789 and CVE-2024-23296. The first fix is for a logic issue which allowed app access to user data. The second addresses a memory corruption issue that could allow an attacker to bypass kernel memory protections. Updates are available for several iPhone and iPad models. It appears … Read more
March 25, 2024 at 01:54PM Summary: Apple released an update on March 21, 2024, addressing CVE-2024-1580, an out-of-bounds write issue in CoreMedia and WebRTC. The update is available for various iPhone and iPad models. The issue could lead to arbitrary code execution when processing images due to improved input validation. From the meeting notes, I … Read more
January 22, 2024 at 01:42PM Summary: – Apple released updates addressing multiple CVE issues including privacy, memory handling, and access risks affecting various products like Accessibility, Apple Neural Engine, curl, ImageIO, Safari, and WebKit for specific devices. The updates aim to mitigate potential user data exposure, arbitrary code execution, and web content vulnerabilities. From the … Read more
October 25, 2023 at 02:36PM Summary: Apple has addressed several security vulnerabilities in its products. These include issues with memory handling, cache handling, and improved state management. The impact of these vulnerabilities ranges from denial-of-service attacks to arbitrary code execution. Affected products include CoreAnimation, Find My, ImageIO, IOTextEncryptionFamily, Kernel, Mail Drafts, mDNSResponder, Pro Res, Safari, … Read more