Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

CVE-2022-32793: About the security content of macOS Monterey 12.5

Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.

CVE
Open in Source
#vulnerability#web#ios#mac#windows#apple#dos#git#intel#auth#zero_day#webkit#wifi
CVE-2022-32893: About the security content of Safari 15.6.1

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

CVE-2022-32894: About the security content of iOS 15.6.1 and iPadOS 15.6.1

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

CVE-2022-36633: GitHub - gravitational/teleport: The easiest, most secure way to access infrastructure.

Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is fully unauthenticated attack utilizing the trusted teleport server to deliver the payload.

CVE-2022-33172: GitHub - BSI-Bund/de.fac2: A Common Criteria (CC) and FIDO certified FIDO U2F javacard applet.

de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC.

How to secure a Mac for your kids

Categories: Explained Categories: Personal Tags: Mac Tags: Parental Controls Tags: Screen Time If you want to know how to secure your Mac so your kids can use it safely, we're here to help. (Read more...) The post How to secure a Mac for your kids appeared first on Malwarebytes Labs.

The Most Damning Allegation in the Twitter Whistleblower’s Report

Peiter “Mudge” Zatko’s claims about the company’s lax security are all bad. But one clearly captures the extent of systemic issues.

CVE-2022-36379: ЮKassa для WooCommerce

Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress.

XCSSET Malware Updates with Python 3 to Target macOS Monterey Users

The operators of the XCSSET macOS malware have upped the stakes by making iterative improvements that add support for macOS Monterey by upgrading its source code components to Python 3. "The malware authors have changed from hiding the primary executable in a fake Xcode.app in the initial versions in 2020 to a fake Mail.app in 2021 and now to a fake Notes.app in 2022," SentinelOne researchers

CVE-2022-36261: cms-pentest/taocms-arbitrary-file-deletion-vulnerability.md at main · chasingboy/cms-pentest

An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt