May 13, 2024 at 01:45PM Summary: Apple released updates for macOS Ventura to address logic and memory corruption issues, impacting Foundation, Login Window, and RTKit. The vulnerabilities could lead to unauthorized data access and bypassing of kernel memory protections. The updates aim to improve checks, state management, and validation to mitigate potential risks. From the … Read more
March 7, 2024 at 02:15PM Summary: Multiple security issues (CVE-2024-23273, 23252, 23254, 23263, 23280, 23284) were addressed with improved state management, memory handling, UI handling, and validation in WebKit. These issues impact Safari Private Browsing and could result in unauthorized access to private tabs, denial-of-service, audio data exfiltration, and user fingerprinting. Updates are available for … Read more
January 22, 2024 at 05:31PM Hackers are utilizing a covert approach to disseminate information-stealing malware to macOS users via DNS records. The campaign targets macOS Ventura and later users, leveraging cracked applications containing a trojan. Victims unknowingly execute the malware, granting it access to their system and potentially compromising sensitive data. Kaspersky’s findings underscore the … Read more
January 22, 2024 at 01:42PM Multiple security vulnerabilities have been addressed in macOS Ventura, including issues related to memory handling, privacy, code execution, and arbitrary file access. Updates are available for affected products such as Apple Neural Engine, Core Data, curl, Finder, and WebKit to mitigate these risks. Users are advised to install the recommended … Read more
December 11, 2023 at 04:21PM Summary: Apple has released updates for macOS Monterey and macOS Ventura to address security vulnerabilities in WebKit. The vulnerabilities could lead to arbitrary code execution when processing web content (CVE-2023-42890) and denial-of-service when processing an image (CVE-2023-42883). The issues were resolved with improved memory handling. Based on the meeting notes, … Read more
December 8, 2023 at 12:33PM Summary: Apple ID HT214042, released on 2023-11-06, addresses CVE-2023-42867 by improving process entitlement and Team ID validation. The issue could allow an app to gain root privileges in GarageBand. Updates are available for macOS Ventura and macOS Sonoma. Based on the meeting notes: Issue: CVE-2023-42867 Description: Improved validation of process … Read more
November 30, 2023 at 01:54PM Apple addressed two WebKit vulnerabilities (CVE-2023-42916 and CVE-2023-42917) affecting pre-iOS 16.7.1 devices. Improved validation fixes an out-of-bounds read and improved locking resolves a memory corruption issue. Updates are available for macOS Monterey and Ventura. Potential exploitation of both issues has been reported. Takeaways from the meeting: 1. An Apple advisory … Read more
October 25, 2023 at 02:36PM Summary: Multiple security issues have been addressed in macOS Ventura. These include improved memory handling, removal of vulnerable code, improved handling of caches and symlinks, improved checks, and additional permissions checks. These issues could result in denial-of-service attacks, disclosure of sensitive information, arbitrary code execution, and unauthorized access to sensitive … Read more
October 25, 2023 at 02:36PM Summary: Apple has addressed several security vulnerabilities in the WebKit software. These issues could potentially lead to arbitrary code execution or denial-of-service attacks when processing web content. Updates are available for macOS Monterey and macOS Ventura. Here are the key takeaways from the meeting notes: 1. Apple has released an … Read more