#MemoryCorruption

About the security content of Safari 18.1 – Apple Support

October 29, 2024 by Xynik

October 29, 2024 at 02:42PM Apple released updates for Safari 18.1 on macOS Ventura and Sonoma on October 28, 2024, addressing multiple vulnerabilities (CVE-2024-44259, CVE-2024-44244, CVE-2024-44229, CVE-2024-44296). Issues included memory corruption and failures to enforce Content Security Policy, potentially causing process crashes when processing malicious web content. **Meeting Notes Takeaways:** **Release Information:** – **Apple ID:** … Read more

About the security content of visionOS 2.1 – Apple Support

October 28, 2024 by Xynik

October 28, 2024 at 12:06PM Apple has released updates for visionOS 2.1 on Apple Vision Pro addressing various security vulnerabilities. These include improved handling of symlinks, memory management, and path handling issues that could lead to unauthorized access, information disclosure, or system crashes. The update is available as of October 28, 2024. ### Meeting Takeaways … Read more

Rock Chrome hard enough and get paid half a million

August 29, 2024 by Xynik

August 29, 2024 at 12:35PM Google’s Chrome Vulnerability Rewards Program has increased rewards, specifically addressing memory safety with up to $250,000 for demonstrated remote code execution. Other classes of vulnerabilities have rewards up to $30,000 and special rewards of $100,115 and $250,128 for bypassing security measures. A new bug could potentially earn $500,128. Based on … Read more

Google Now Offering Up to $250,000 for Chrome Vulnerabilities

August 28, 2024 by Xynik

August 28, 2024 at 02:09PM Google significantly increases rewards for Chrome browser vulnerabilities through its VRP. Researchers may now earn up to $250,000 for a single issue, with the highest payouts for memory corruption bugs in non-sandboxed processes. Additional rewards are possible for specific exploit conditions. Google also offers rewards for other vulnerability classes based … Read more

New ARM ‘TIKTAG’ attack impacts Google Chrome, Linux systems

June 16, 2024 by Xynik

June 16, 2024 at 10:14PM The TIKTAG attack exploits ARM’s Memory Tagging Extension (MTE) to leak data with over 95% success. Researchers from Samsung, Seoul National University, and Georgia Tech demonstrated the attack against Google Chrome and the Linux kernel. MTE, designed to prevent memory corruption, is susceptible to TIKTAG-v1 and TIKTAG-v2 gadgets. Mitigations are … Read more

About the security content of iOS 16.7.6 and iPadOS 16.7.6 – Apple Support

March 5, 2024 by Xynik

March 5, 2024 at 04:39PM Summary: Apple released an update on 2024-03-05 addressing a memory corruption issue (CVE-2024-23225) in the kernel, which could enable an attacker to bypass kernel memory protections. The affected products include iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation. The … Read more

Google Chrome Zero-Day Bug Under Attack, Allows Code Injection

January 17, 2024 by Xynik

January 17, 2024 at 04:23PM Google has patched a high-severity zero-day bug in Chrome Web browser (CVE-2024-0519) actively exploited by attackers, enabling code execution and other cyberattacks. This is the first Chrome zero-day in 2024 and the second in less than a month. Chrome’s vulnerability disclosures increased over the years, making it a prime target … Read more

About the security content of macOS Sonoma 14.2 – Apple Support

December 11, 2023 by Xynik

December 11, 2023 at 01:45PM Summary: Various CVEs were addressed with updates for macOS Sonoma, addressing issues such as secure text field display, privacy issues, memory corruption, logic issues, and improved memory handling. Impact includes app termination, arbitrary code execution, sensitive data access, and denial-of-service. Affected products include Accessibility, Accounts, AppleGraphicsControl, and others. From the … Read more