Significant upcoming legislation promises to tighten the screws on cyber incident response in Australia, mirroring CIRCIA in the US.

Source: Bonaventura via Alamy Stock Photo

Australian companies may soon have to disclose to the government any ransom payments they surrender to ransomware attackers.

It wasn't so long ago that Australia's government was considering an outright ban on ransom payments across the country. That idea didn't survive, but a slightly softer rule was floated in a national cybersecurity strategy document published last November. In just a single sentence buried deep in that document, the government signaled its intention that "To stay ahead of the threat, we will co-design with industry options to legislate a no-fault, no-liability ransomware reporting obligation for businesses."

That obligation seems to be part of the country's upcoming Cyber Security Act, which is expected to be brought before parliament during its next sitting in just a couple of weeks' time.

Following an interview with Clare O'Neil — who, until Monday, was Australia's Minister for Home Affairs — the Australian Broadcasting Corporation (ABC) reported that businesses making more than $3 million AUD ($1.96 million US) in annual revenue will be forced to report their ransom payments. However, the fines for noncompliance are purportedly just $15,000.

Dark Reading has contacted Australia's Department of Home Affairs to confirm reports about the new rule.

"The goal with such laws is to allow governments to have insight into funds going to bad actors, in order to be able to track those payments and hopefully bring criminals to justice," explains Beth Burgin Waller, chair of the Cybersecurity & Data Privacy practice at Woods Rogers Vandeventer Black (WRVB).

In Australia's case, "The proposed bill appears to mirror what we are seeing in the United States from CIRCIA (the Cyber Incident Reporting for Critical Infrastructure Act of 2022), which requires that covered entities report ransom payments within 24 hours of making a ransom payment to CISA," she explains. "The Australian proposed law is broader, though, in the sense that it appears to be for any business making a ransom payment, whereas it appears CIRCIA covers only 'covered entities,' which the current proposed CIRCIA regulations broadly define."

**Will Forcing Ransom Disclosure Work?**

Australia has been rocked by some major cyberattacks in recent years. In 2022, a breach of millions of consumer records struck the telecommunications company Optus. Shortly thereafter, a case of similar scope hit the health insurance provider Medibank. Last year, a cyber disruption downed four core ports around the country for a weekend. And there have been more.

The toll to Australia's economy has been significant. As former minister O'Neil noted in a forward to the 2023–2030 Australian Cyber Security Strategy, a cyber incident is reported to the government every six minutes. (Of course, that doesn't include all the incidents that don't get reported.) Ransomware, meanwhile, is responsible for $3 billion worth of damage to Aussie organizations annually, and cyberattack costs are rising 14% per annum.

Any hard and fast rules that help curb the problem inevitably affect different organizations differently. On one hand there are larger companies, which can handle the costs involved and stand to benefit the most from clearer regulations.

"With laws like this popping up locally across the globe, it creates a patchwork quilt of compliance for multi-national organizations with perhaps a headquarters in the United States but significant operations in Australia," Waller says.

Smaller organizations, meanwhile, have fewer resources to dedicate to cybersecurity, and less money to pay fines when they fall short. According to ABC, the Australian Chamber of Commerce and Industry (ACCI) trade organization supports parts of the upcoming Cyber Security Act, but proposes that the minimum revenue threshold for businesses affected by the reporting rule should be $10 million.

**Incentive for Stronger Cyber Defenses**

The hope, regardless, is that any potential negative side effects will be outweighed by greater visibility for law enforcement, and more effective incentives for companies to better themselves.

"Mandatory disclosures may prompt a reassessment of corporate practices regarding negotiations with cybercriminals," says Anne Cutler, cybersecurity evangelist at Keeper Security. "With the knowledge they must disclose any ransom payments, business leaders may be persuaded to invest more heavily in preventive measures and robust incident response plans to avoid the financial and reputational scrutiny that comes with public disclosure."

**About the Author(s)**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Australian Companies Will Soon Need to Report Ransom Payments

Malicious actors could potentially exploit this vulnerability if they gain physical access to a user's device.

Source: Anatolii Babii via Alamy Stock Photo

Apple released updates for a variety of its products to patch recent vulnerabilities found in Siri, the Apple iOS digital assistant.

The vulnerabilities could allow an attacker to steal information through a locked device because when a device is locked, there are still voice commands that the digital assistant can process and may allow access to contacts and other sensitive data.

In its latest round of fixes, Apple restricted these options to prevent malicious actors from exploiting the vulnerability, even if they have physical access to a device.

In addition to the iPhone, the company patched a similar vulnerability in Apple Watch, iOS, iPadOS, and the macOS Ventura.

Users should update to the latest software version of iOS and iPadOS, iOS 17.6, or iPadOS 17.6, to mitigate these bugs by going to settings, general, and then software update.

**About the Author(s)**

Siri Bug Enables Data Theft on Locked Apple Devices

A binary in Apple macOS could allow an adversary to execute an arbitrary binary that bypasses SIP.

Wednesday, July 31, 2024 12:00

Cisco Talos’ Vulnerability Research team has helped to disclose and patch six new vulnerabilities over the past three weeks, including one in a driver that powers certain NVIDIA graphics cards.  

The majority of the vulnerabilities that Talos disclosed during this period exist in Ankitects Anki, an open-source program that allows users to study information using flashcards. The most serious of these issues has a CVSS score of 9.6 out of 10. 

All the vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. 

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website. 

**Out-of-bounds read vulnerability in NVIDIA GPU Compiler Driver **

_Discovered by Piotr Bania._ 

A compiler driver in some NVIDIA graphics cards contains an out-of-bounds read vulnerability that could allow an adversary to read an arbitrary memory region. 

An adversary could exploit TALOS-2024-1956 (CVE-2024-0107) by sending a targeted device a specially crafted executable/shader file, leading to an out-of-bounds read. 

This vulnerability could be triggered from guest machines running virtualization environments to perform a guest-to-host escape — as previously demonstrated in other GPU vulnerabilities like TALOS-2018-0533. 

Talos researchers were able to trigger this vulnerability from a Hyper-V guest using the RemoteFX feature, which led to being able to execute the vulnerable code on the Hyper-V host. While Microsoft has deprecated RemoteFX, this feature may still be present in older versions of the Windows operating system. 

**Multiple vulnerabilities in Ankitects Anki flashcard software **

_Discovered by Autumn Bee Skerritt of Cisco Duo Security and Jacob B._ 

The Ankitects Anki flashcard software contains multiple vulnerabilities, one of which could lead to arbitrary code execution. This open-source tool allows users to create and share flashcards to study information.  

An adversary could exploit all these vulnerabilities by sharing a specially crafted, malicious flashcard with a targeted user.  

TALOS-2024-1994 (CVE-2024-32152) could lead to the creation of an arbitrary file along a fixed path. This vulnerability exists because a malicious user could manipulate a blocklist that normally prevents the use of certain malicious commands.  

TALOS-2024-1992 (CVE-2024-29073) also involves manipulating the command blocklist, but in this case, could lead to arbitrary file read. 

An adversary could also exploit TALOS-2024-1995 (CVE-2024-32484), a cross-site scripting vulnerability, in the software to inject JavaScript code into a flashcard and read a normally inaccessible file.  

The most serious among this group of vulnerabilities is TALOS-2024-1993 (CVE-2024-26020), a script injection vulnerability that could lead to arbitrary code execution. This vulnerability has a CVSS score of 9.6 out of 10. In Talos’ testing, researchers could exploit this vulnerability to obtain full command injection on the targeted user’s system.

Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains multiple security issues

AccPack Khanepani version 1.0 suffers from an insecure direct object reference vulnerability.

**AccPack Khanepani 1.0 Insecure Direct Object Reference**

Posted Jul 31, 2024

Authored by indoushka

AccPack Khanepani version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 760d2e5184238b42e8f1ba299d632f9a683af578d5af3fd433dd135eb0ceb06b

Download | Favorite | View

**AccPack Khanepani 1.0 Insecure Direct Object Reference**

    =============================================================================================================================================| # Title     : AccPack Khanepani v1.0 IDOR Vulnerability                                                                                   || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : http://webpay.com.np/#Product                                                                                               |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : leads to the creation of a new file in the list.[+] use payload : cms/gallery/insert.php[+] http://127.0.0.1/jamiatulamanepalorgnp/cms/gallery/insert.phpGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,223)
*   Arbitrary (16,842)
*   BBS (2,859)
*   Bypass (1,855)
*   CGI (1,033)
*   Code Execution (7,784)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,384)
*   DoS (25,024)
*   Encryption (2,389)
*   Exploit (53,098)
*   File Inclusion (4,257)
*   File Upload (990)
*   Firewall (822)
*   Info Disclosure (2,885)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (896)
*   Kernel (7,184)
*   Local (14,788)
*   Magazine (586)
*   Overflow (13,165)
*   Perl (1,435)
*   PHP (5,221)
*   Proof of Concept (2,381)
*   Protocol (3,724)
*   Python (1,631)
*   Remote (31,625)
*   Root (3,633)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,024)
*   Shell (3,273)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,275)
*   SQL Injection (16,594)
*   TCP (2,440)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,921)
*   Web (9,953)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,239)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,084)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,580)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,432)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,710)
*   UNIX (9,432)
*   UnixWare (187)
*   Windows (6,668)
*   Other

AccPack Khanepani 1.0 Insecure Direct Object Reference

Apple has released security updates that patch vulnerabilities in Siri and VoiceOver that could be used to access sensitive user data.

Apple has released security updates for many of its products in order to patch several vulnerabilities that could allow an attacker to steal sensitive information from a locked device.

Included in the patches for Apple Watch, iOS, and iPadOS are four vulnerabilities in Siri. While your device is locked there are several voice-commands your digital assistant can process.

Apple has restricted these options to stop an attacker with physical access from being able to access contacts from the lock screen and access other sensitive user data. Using Siri on a locked device has limitations to protect your privacy and security, and the digital assistant should only be able to perform tasks that do not require access to sensitive data locked behind the device’s security systems, such as Face ID or a passcode.

A similar vulnerability was also patched in the VoiceOver component in Apple Watch, iOS, iPadOS, and macOS Ventura. To check whether VoiceOver is on or off on your iPhone or iPad, you can check by looking at **Settings > Accessibility > VoiceOver**.

To check if you’re using the latest software version of iOS and iPadOS, go to **Settings** > **General** > **Software Update**. You want to be on iOS 17.6 or iPadOS 17.6, so update now if you’re not. It’s also worth turning on Automatic Updates if you haven’t already. You can do that on the same screen.

iPad Software update is available

Here’s an overview of the available updates for the various Apple products:

Name:

Available for:

Safari 17.6

macOS Monterey and macOS Ventura

iOS 17.6 and iPadOS 17.6

iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

iOS 16.7.9 and iPadOS 16.7.9

iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation

macOS Sonoma 14.6

macOS Sonoma

macOS Ventura 13.6.8

macOS Ventura

macOS Monterey 12.7.6

macOS Monterey

watchOS 10.6

Apple Watch Series 4 and later

tvOS 17.6

Apple TV HD and Apple TV 4K (all models)

visionOS 1.3

Apple Vision Pro

iOS 15.8.3 and iPadOS 15.8.3

iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Apple also patched the regreSSHion vulnerability that allows unauthenticated Remote Code Execution (RCE) in OpenSSH.

For beta testers Apple also released the first beta of iOS 18.1 to developers. This update is available for iPhone 15 Pro and iPhone 15 Pro Max and includes the first set of Apple Intelligence features, such as Writing Tools, new features for Mail and notifications, upgrades to Photos, and more.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Apple fixes Siri vulnerabilities that could have allowed sensitive data theft from locked device. Update now! 

With sufficient privileges in Active Directory, attackers only have to create an "ESX Admins" group in the targeted domain and add a user to it.

Source: Schoening via Alamy Stock Photo

Multiple ransomware groups have been weaponizing an authentication bypass bug in VMware ESXi hypervisors to quickly deploy malware across virtualized environments.

VMware assigned the bug (CVE-2024-37085) a "medium" 6.8 out of 10 score on the CVSS scale. The average score is largely due to the fact that it requires an attacker to have existing permissions in a target's Active Directory (AD).

If they do have AD access, however, attackers can cause significant damage. With no technical trickery whatsoever, they can use CVE-2024-37085 to instantly scale up their ESXi privileges to the max, opening the door to ransomware deployment, data exfiltration, lateral movement, and more. Groups like Storm-0506 (aka Black Basta), Storm-1175, Manatee Tempest (part of Evil Corp), and Octo Tempest (aka Scattered Spider) have already tried it out, deploying ransomware such as Black Basta and Akira.

Broadcom recently published a fix, available on its website.

**How CVE-2024-37085 Works**

Some organizations configure their ESXi hypervisors to use AD for user management. It turns out that by doing this, organizations were exposing themselves to something unexpected. By default, ESXi hypervisors granted full administrative access to any member of an AD domain group named "ESX Admins."

It's unclear how the "ESX Admins" group vulnerability was introduced into ESXi in the first place—Broadcom declined to clarify when Dark Reading reached out on the question. As Microsoft noted in a blog post, there's no particular reason why the hypervisor should have expected such a domain group, or have had a rule for what to do with it. "This group is not a built-in group in Active Directory and does not exist by default. ESXi hypervisors do not validate that such a group exists when the server is joined to a domain and still treats any members of a group with this name with full administrative access, even if the group did not originally exist," the threat intel team wrote. "Additionally, the membership in the group is determined by name and not by security identifier (SID)."

Exploiting CVE-2024-37085 was entirely trivial. So long as an attacker had sufficient privileges in AD, all they'd have to do to gain ESXi admin privileges was to create an "ESX Admins" group in the targeted domain and add a user to it. They could also rename any existing group to "ESX Admins," and either wield one of its existing users or add a new one.

**The Risk with Hypervisors**

"Ransomware attacks targeting ESXi and VMs are increasingly common, especially since around 2020, when enterprises increased their move toward digital transformation and took advantage of modern hybrid cloud and virtualized on-premise environments," explains Jason Soroko, senior vice president of product at Sectigo.

For all the business sense they make, virtualized environments also afford hackers unique benefits. Hypervisors tend to run many VMs at once, making them a one-stop shop for blasting ransomware as widely as possible, and those VMs often host critical services and business data.

Their utility to hackers makes it all the more troubling that, as Microsoft noted in its blog, security products have limited visibility and protections for hypervisors. This, Soroko explains, is "due to their isolation, complexity, and the specialized knowledge required for their protection. This isolation makes it difficult for traditional security tools to monitor and protect the entire environment, and API integration limits further exacerbate this issue."

To cover for these shortcomings, Microsoft highlighted the importance of keeping up to date with patches, and practicing broader cyber hygiene around critical and vulnerable assets. "Attackers love using the path of least resistance that provides maximum opportunity," Soroko notes, adding that ransomware actors will only target these systems more and more in the future.

**About the Author(s)**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Ransomware Gangs Exploit ESXi Bug for Instant, Mass Encryption of VMs

Apple Security Advisory 07-29-2024-9 - visionOS 1.3 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-07-29-2024-9 visionOS 1.3

visionOS 1.3 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT214123.

Apple maintains a Security Releases page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Apple Neural Engine  
Available for: Apple Vision Pro  
Impact: A local attacker may be able to cause unexpected system shutdown  
Description: The issue was addressed with improved memory handling.  
CVE-2024-27826: Ye Zhang (@VAR10CK) of Baidu Security and Minghao Lin

AppleAVD  
Available for: Apple Vision Pro  
Impact: An app may be able to cause unexpected system termination  
Description: The issue was addressed with improved memory handling.  
CVE-2024-27804: Meysam Firouzi (@R00tkitSMM)

CoreGraphics  
Available for: Apple Vision Pro  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2024-40799: D4m0n    

ImageIO  
Available for: Apple Vision Pro  
Impact: Processing an image may lead to a denial-of-service  
Description: This is a vulnerability in open source code and Apple  
Software is among the affected projects. The CVE-ID was assigned by a  
third party. Learn more about the issue and CVE-ID at cve.org.  
CVE-2023-6277  
CVE-2023-52356

ImageIO  
Available for: Apple Vision Pro  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2024-40806: Yisumi

ImageIO  
Available for: Apple Vision Pro  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An out-of-bounds access issue was addressed with improved  
bounds checking.  
CVE-2024-40777: Junsung Lee working with Trend Micro Zero Day  
Initiative, and Amir Bazine and Karsten König of CrowdStrike Counter  
Adversary Operations

ImageIO  
Available for: Apple Vision Pro  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An integer overflow was addressed with improved input  
validation.  
CVE-2024-40784: Junsung Lee working with Trend Micro Zero Day Initiative  
and Gandalf4a

Kernel  
Available for: Apple Vision Pro  
Impact: A local attacker may be able to determine kernel memory layout  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-27863: CertiK SkyFall Team

Kernel  
Available for: Apple Vision Pro  
Impact: An attacker in a privileged network position may be able to  
spoof network packets  
Description: A race condition was addressed with improved locking.  
CVE-2024-27823: Prof. Benny Pinkas of Bar-Ilan University, Prof. Amit  
Klein of Hebrew University, and EP

Kernel  
Available for: Apple Vision Pro  
Impact: A local attacker may be able to cause unexpected system shutdown  
Description: A type confusion issue was addressed with improved memory  
handling.  
CVE-2024-40788: Minghao Lin and Jiaxun Zhu from Zhejiang University

Shortcuts  
Available for: Apple Vision Pro  
Impact: A shortcut may be able to bypass Internet permission  
requirements  
Description: A logic issue was addressed with improved checks.  
CVE-2024-40809: an anonymous researcher  
CVE-2024-40812: an anonymous researcher

WebKit  
Available for: Apple Vision Pro  
Impact: Processing maliciously crafted web content may lead to an  
unexpected process crash  
Description: A use-after-free issue was addressed with improved memory  
management.  
WebKit Bugzilla: 273176  
CVE-2024-40776: Huang Xilin of Ant Group Light-Year Security Lab  
WebKit Bugzilla: 268770  
CVE-2024-40782: Maksymilian Motyl

WebKit  
Available for: Apple Vision Pro  
Impact: Processing maliciously crafted web content may lead to an  
unexpected process crash  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
WebKit Bugzilla: 275431  
CVE-2024-40779: Huang Xilin of Ant Group Light-Year Security Lab  
WebKit Bugzilla: 275273  
CVE-2024-40780: Huang Xilin of Ant Group Light-Year Security Lab

WebKit  
Available for: Apple Vision Pro  
Impact: Processing maliciously crafted web content may lead to a cross  
site scripting attack  
Description: This issue was addressed with improved checks.  
WebKit Bugzilla: 273805  
CVE-2024-40785: Johan Carlsson (joaxcar)

WebKit  
Available for: Apple Vision Pro  
Impact: Processing maliciously crafted web content may lead to an  
unexpected process crash  
Description: An out-of-bounds access issue was addressed with improved  
bounds checking.  
CVE-2024-40789: Seunghyun Lee (@0x10n) of KAIST Hacking Lab working with  
Trend Micro Zero Day Initiative

Additional recognition

AirDrop  
We would like to acknowledge Linwz of DEVCORE for their assistance.

Shortcuts  
We would like to acknowledge an anonymous researcher for their  
assistance.

Instructions on how to update visionOS are available at  
https://support.apple.com/HT214009  To check the software version  
on your Apple Vision Pro, open the Settings app and choose General >  
About.  
All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmaoIKEACgkQX+5d1TXa  
IvrPMhAAvJRTT2vBEmsCe8fWRLfDlgrh95ubjnuQ0VJ+dbM2MrdUXZr/bueevkhJ  
K8bCqDg19hqeWStGG2FoVB0lThZOiS7BIBYyNmfKKyID25dXKUUGVSluLTATOFCs  
YVruEya71fuY4JAFI6c6S2rCfbTDLS0/8Iq72LQX/umUo5DD9YX/fBgKA7ji6KML  
49cOpRpT6xG2OYEFG+GQw4p8/ha4Dg1QSPhSgYs1n0iwv2Al5siedmhxT+j8Xnof  
O0Wo54q+e7lIMTQaj8SLKh2zysYpHGNREaUIfGKCyr0FuJCEkWdGNaMlNeqI602z  
CYVnLLr3H0tcOGSQtmlUodPQEjunGs3j1AUkZuezagHZzqmR1Tlh4tt3tx3s0B3+  
nxIoA2ejJH6no5gvaOFZmc8MgUgwL0/LO/GRm6Ow9lu9N8Bbey34s5h4bnn78/M+  
W11upSvy6j2C7Nz5n6KgySSmj3sx0AGw199+MoR3iu1+3dGt332CYCIzDI/9WJTg  
sdVFJD7ZLLSjt2lDD5FkJqoAy1kkTqi9eSsbOVlfYEgBvUr4zvvL8mNgx1/l6mFH  
9w+rOTo1inMKLwwtPuqJQhEq0uUSY7LcAjIqUBmPWu1PENpeGIOQaSNxkL35SGkB  
6lAKhD6YpkFIrwzuGMtfD9wwPC4OK48BfOV5YMNH4YLT0G4RjMQ=  
=E3LP  
-----END PGP SIGNATURE-----

Apple Security Advisory 07-29-2024-9

Apple Security Advisory 07-29-2024-8 - tvOS 17.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-07-29-2024-8 tvOS 17.6

tvOS 17.6 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT214122.

Apple maintains a Security Releases page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

AppleMobileFileIntegrity  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to bypass Privacy preferences  
Description: A downgrade issue was addressed with additional code-  
signing restrictions.  
CVE-2024-40774: Mickey Jin (@patch1t)

CoreGraphics  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2024-40799: D4m0n

dyld  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: A malicious attacker with arbitrary read and write capability  
may be able to bypass Pointer Authentication  
Description: A race condition was addressed with additional validation.  
CVE-2024-40815: w0wbox

Family Sharing  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to read sensitive location information  
Description: This issue was addressed with improved data protection.  
CVE-2024-40795: Csaba Fitzl (@theevilbit) of Kandji

ImageIO  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing an image may lead to a denial-of-service  
Description: This is a vulnerability in open source code and Apple  
Software is among the affected projects. The CVE-ID was assigned by a  
third party. Learn more about the issue and CVE-ID at cve.org.  
CVE-2023-6277  
CVE-2023-52356

ImageIO  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2024-40806: Yisumi

ImageIO  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An out-of-bounds access issue was addressed with improved  
bounds checking.  
CVE-2024-40777: Junsung Lee working with Trend Micro Zero Day  
Initiative, and Amir Bazine and Karsten König of CrowdStrike Counter  
Adversary Operations

ImageIO  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An integer overflow was addressed with improved input  
validation.  
CVE-2024-40784: Junsung Lee working with Trend Micro Zero Day Initiative  
and Gandalf4a

Kernel  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: A local attacker may be able to determine kernel memory layout  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-27863: CertiK SkyFall Team

Kernel  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: A local attacker may be able to cause unexpected system shutdown  
Description: A type confusion issue was addressed with improved memory  
handling.  
CVE-2024-40788: Minghao Lin and Jiaxun Zhu from Zhejiang University

libxpc  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to bypass Privacy preferences  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-40805

Sandbox  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to bypass Privacy preferences  
Description: This issue was addressed through improved state management.  
CVE-2024-40824: Wojciech Regula of SecuRing (wojciechregula.blog) and  
Zhongquan Li (@Guluisacat) from Dawn Security Lab of JingDong

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing maliciously crafted web content may lead to an  
unexpected process crash  
Description: A use-after-free issue was addressed with improved memory  
management.  
WebKit Bugzilla: 273176  
CVE-2024-40776: Huang Xilin of Ant Group Light-Year Security Lab  
WebKit Bugzilla: 268770  
CVE-2024-40782: Maksymilian Motyl

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing maliciously crafted web content may lead to an  
unexpected process crash  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
WebKit Bugzilla: 275431  
CVE-2024-40779: Huang Xilin of Ant Group Light-Year Security Lab  
WebKit Bugzilla: 275273  
CVE-2024-40780: Huang Xilin of Ant Group Light-Year Security Lab

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing maliciously crafted web content may lead to a cross  
site scripting attack  
Description: This issue was addressed with improved checks.  
WebKit Bugzilla: 273805  
CVE-2024-40785: Johan Carlsson (joaxcar)

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing maliciously crafted web content may lead to an  
unexpected process crash  
Description: An out-of-bounds access issue was addressed with improved  
bounds checking.  
CVE-2024-40789: Seunghyun Lee (@0x10n) of KAIST Hacking Lab working with  
Trend Micro Zero Day Initiative

Apple TV will periodically check for software updates. Alternatively,  
you may manually check for software updates by selecting "Settings ->  
System -> Software Update -> Update Software."  To check the current  
version of software, select "Settings -> General -> About."  
All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmaoIFQACgkQX+5d1TXa  
IvrqRg/+Klv/Cy1M7Ii5T/jTDQ9ggrY36CjR6GJaFwXMlC++eNYidc9LeVNU72PI  
F7GpQ6ZntYJZzEm1YGUOjkU38IYid5lnfDQHsfTTm8Pzmk+1vbcLDYEfsoeGK81F  
7qcirUzseRYBmvbei2X2HqiGh/bLJgHUb433lDPQcVIUNmvdYuGtaDYNnbhOJ80u  
+LET8E2GjIVWY15ZtSHC59OctUPtI6l6HrncqLTjXegePCqLC2Z4BIGmnPoyOGSf  
zTgFXSfekwZ/5y6PKPhDu+NgrrCI+IhP20mO0pj2IhQgd56yEdF6P7dYrWlElQmi  
/MoMZTzfxQPBzHxcfmG4ANqMSJzE3oZ737r32o4dwsdIiBJ9JG+UV9722kk+CH+7  
NKN1GBxf05kEXXJ+Y4c9VyCMQVxW9RaPQic89WoWA7JQsrmah8osHFnxTxL4d12X  
cR5JohihgI+EE4N+MqlT/CKE+0r/Oy6yalRCJQugA1fBQiIa57twRK3+sGQUqtn0  
fI2PmXTkF47pm9ed7foE+XtknEerfvGruWH3SUAKo46Q3yUGvR1cQ4v1lzXG51AR  
+6rV79CKWRztAqXS6uermURsTBcUDnnHH+9HH+2kLOyNuQ/F6Th1Ng1CUWrMJeSf  
eE1sp6m+eR3uuUPwfEPZwJxhlUlZj4kaQE8gipr3DBrZFCJY6To=  
=prdc  
-----END PGP SIGNATURE-----

Apple Security Advisory 07-29-2024-8

Apple Security Advisory 07-29-2024-7 - watchOS 10.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-07-29-2024-7 watchOS 10.6

watchOS 10.6 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT214124.

Apple maintains a Security Releases page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

AppleMobileFileIntegrity  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to bypass Privacy preferences  
Description: A downgrade issue was addressed with additional code-  
signing restrictions.  
CVE-2024-40774: Mickey Jin (@patch1t)

CoreGraphics  
Available for: Apple Watch Series 4 and later  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2024-40799: D4m0n

dyld  
Available for: Apple Watch Series 4 and later  
Impact: A malicious attacker with arbitrary read and write capability  
may be able to bypass Pointer Authentication  
Description: A race condition was addressed with additional validation.  
CVE-2024-40815: w0wbox

Family Sharing  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to read sensitive location information  
Description: This issue was addressed with improved data protection.  
CVE-2024-40795: Csaba Fitzl (@theevilbit) of Kandji

ImageIO  
Available for: Apple Watch Series 4 and later  
Impact: Processing an image may lead to a denial-of-service  
Description: This is a vulnerability in open source code and Apple  
Software is among the affected projects. The CVE-ID was assigned by a  
third party. Learn more about the issue and CVE-ID at cve.org.  
CVE-2023-6277  
CVE-2023-52356

ImageIO  
Available for: Apple Watch Series 4 and later  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2024-40806: Yisumi

ImageIO  
Available for: Apple Watch Series 4 and later  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An out-of-bounds access issue was addressed with improved  
bounds checking.  
CVE-2024-40777: Junsung Lee working with Trend Micro Zero Day  
Initiative, Amir Bazine and Karsten König of CrowdStrike Counter  
Adversary Operations

ImageIO  
Available for: Apple Watch Series 4 and later  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An integer overflow was addressed with improved input  
validation.  
CVE-2024-40784: Junsung Lee working with Trend Micro Zero Day Initiative  
and Gandalf4a

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: A local attacker may be able to determine kernel memory layout  
Description: An information disclosure issue was addressed with improved  
private data redaction for log entries.  
CVE-2024-27863: CertiK SkyFall Team

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: A local attacker may be able to cause unexpected system shutdown  
Description: A type confusion issue was addressed with improved memory  
handling.  
CVE-2024-40788: Minghao Lin and Jiaxun Zhu from Zhejiang University

libxpc  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to bypass Privacy preferences  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-40805

Phone  
Available for: Apple Watch Series 4 and later  
Impact: An attacker with physical access may be able to use Siri to  
access sensitive user data  
Description: A lock screen issue was addressed with improved state  
management.  
CVE-2024-40813: Jacob Braun

Sandbox  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to bypass Privacy preferences  
Description: This issue was addressed through improved state management.  
CVE-2024-40824: Wojciech Regula of SecuRing (wojciechregula.blog) and  
Zhongquan Li (@Guluisacat) from Dawn Security Lab of JingDong

Shortcuts  
Available for: Apple Watch Series 4 and later  
Impact: A shortcut may be able to use sensitive data with certain  
actions without prompting the user  
Description: A logic issue was addressed with improved checks.  
CVE-2024-40835: an anonymous researcher  
CVE-2024-40836: an anonymous researcher

Shortcuts  
Available for: Apple Watch Series 4 and later  
Impact: A shortcut may be able to bypass Internet permission  
requirements  
Description: A logic issue was addressed with improved checks.  
CVE-2024-40809: an anonymous researcher  
CVE-2024-40812: an anonymous researcher

Shortcuts  
Available for: Apple Watch Series 4 and later  
Impact: A shortcut may be able to bypass Internet permission  
requirements  
Description: This issue was addressed by adding an additional prompt for  
user consent.  
CVE-2024-40787: an anonymous researcher

Shortcuts  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access user-sensitive data  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2024-40793: Kirin (@Pwnrin)

Siri  
Available for: Apple Watch Series 4 and later  
Impact: An attacker with physical access may be able to use Siri to  
access sensitive user data  
Description: This issue was addressed by restricting options offered on  
a locked device.  
CVE-2024-40818: Bistrit Dahal and Srijan Poudel

Siri  
Available for: Apple Watch Series 4 and later  
Impact: An attacker with physical access to a device may be able to  
access contacts from the lock screen  
Description: This issue was addressed by restricting options offered on  
a locked device.  
CVE-2024-40822: Srijan Poudel

VoiceOver  
Available for: Apple Watch Series 4 and later  
Impact: An attacker may be able to view restricted content from the lock  
screen  
Description: The issue was addressed with improved checks.  
CVE-2024-40829: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain  
College of Technology Bhopal India

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing maliciously crafted web content may lead to an  
unexpected process crash  
Description: A use-after-free issue was addressed with improved memory  
management.  
WebKit Bugzilla: 273176  
CVE-2024-40776: Huang Xilin of Ant Group Light-Year Security Lab  
WebKit Bugzilla: 268770  
CVE-2024-40782: Maksymilian Motyl

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing maliciously crafted web content may lead to an  
unexpected process crash  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
WebKit Bugzilla: 275431  
CVE-2024-40779: Huang Xilin of Ant Group Light-Year Security Lab  
WebKit Bugzilla: 275273  
CVE-2024-40780: Huang Xilin of Ant Group Light-Year Security Lab

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing maliciously crafted web content may lead to a cross  
site scripting attack  
Description: This issue was addressed with improved checks.  
WebKit Bugzilla: 273805  
CVE-2024-40785: Johan Carlsson (joaxcar)

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing maliciously crafted web content may lead to an  
unexpected process crash  
Description: An out-of-bounds access issue was addressed with improved  
bounds checking.  
CVE-2024-40789: Seunghyun Lee (@0x10n) of KAIST Hacking Lab working with  
Trend Micro Zero Day Initiative

Additional recognition

Shortcuts  
We would like to acknowledge an anonymous researcher for their  
assistance.

Instructions on how to update your Apple Watch software are available  
at https://support.apple.com/HT204641  To check the version on  
your Apple Watch, open the Apple Watch app on your iPhone and select  
"My Watch > General > About".  Alternatively, on your watch, select  
"My Watch > General > About".  
All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmaoICUACgkQX+5d1TXa  
IvoXBQ/+K5v4MYwo1Lr0ZOzH2g2WI2cuYrXSeos2rbmgHLyriF6TlW8FnwHMBF4c  
1yqOp5vmv7hfkYUHXdIlLX7VUCdYSSu+FAPVjykogqTTa09dsMRMK1mu8MulXxPO  
eSvWdEF8HrPe7Aw45jHIxxilJC50TRDZbIl1HWO4w0qi6G2dNwnQwCLC2BkiqXp7  
7t60Ou9HdILroG3xUUl+EUM+RN7rcqfJ6pkPWmgNUdT31mln7jb++RXzsS00d6ee  
HEH96qVAlEq8A5LQmNmpru8MatI0l5sr1qtfb/prY0A10lCUb8IwCeDL1v13RAlN  
/7WWD5sLqM4yhvQKgN956Bmn9ggfzB+BsOORl6Eei6w/QRi/caZEC9yty9ylHJqJ  
65ApHnhgEtCul/uvlzCnVJbZJZBMZYTaVeRftDAp49FH8sBlLyPka4ym/aeOnU76  
tP7GcDVkmK7oDeCqNuSM0XPxBI7zc2CZ5aZq0y+OBfLWWo0kBORkksyDWylhk0cD  
wAzyyFt0oUgYH7bwpu4pRE5b3ZcaUzt6hCruRCKC+m28sMQ9bkqfuzCResZ+CCHS  
Lf0wg1wI+4AjAcIEEZ13A7v8tKoC0PHr1ByJe7LXSTTdxkiOOHmkhD+Iy6/Xyc+4  
zRBKwUtbmniB+aHFqU3Qp0eDTFlNAg01lN15BH6pLKwfXD0ERIk=  
=MEx2  
-----END PGP SIGNATURE-----

Apple Security Advisory 07-29-2024-7

Chuksrio LMS version 2.9 suffers from an insecure direct object reference vulnerability.

**Chuksrio LMS 2.9 Insecure Direct Object Reference**

Posted Jul 30, 2024

Authored by indoushka

Chuksrio LMS version 2.9 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 2913e2114833b1b975093b54cddc506496b54958798b2a0f6a2dd39c81193a02

Download | Favorite | View

**Chuksrio LMS 2.9 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : Chuksrio LMS v2.9 IDOR Vulnerability                                                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /admin/header.php?captcha[+] https://www/127.0.0.1/mefkayschools.org/admin/header.php?captchaGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,203)
*   Arbitrary (16,836)
*   BBS (2,859)
*   Bypass (1,854)
*   CGI (1,033)
*   Code Execution (7,783)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,383)
*   DoS (25,016)
*   Encryption (2,389)
*   Exploit (53,089)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,885)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (896)
*   Kernel (7,183)
*   Local (14,788)
*   Magazine (586)
*   Overflow (13,161)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,724)
*   Python (1,630)
*   Remote (31,622)
*   Root (3,632)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,024)
*   Shell (3,273)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,275)
*   SQL Injection (16,591)
*   TCP (2,440)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,920)
*   Web (9,953)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,084)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,560)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,418)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,704)
*   UNIX (9,432)
*   UnixWare (187)
*   Windows (6,668)
*   Other

Tag

#apple