Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2023-35619: Microsoft Outlook for Mac Spoofing Vulnerability

**What is the nature of the spoofing?** An attacker could appear as a trusted user when they should not be. This could cause a user to mistakenly trust a signed email message as if it came from a legitimate user.

Microsoft Security Response Center
Open in Source
#vulnerability#mac#microsoft#git#Microsoft Office Outlook#Security Vulnerability
CVE-2023-35625: Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does this mean for this vulnerability?** The vulnerability enables data leakage only when a user's script is improperly used and triggers specific errors. The conditions required for triggering the error are not easily met making the complexity high.

CVE-2023-36004: Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability

**What is the attack vector for this vulnerability?** To exploit this vulnerability, an attacker would need to launch a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine.

Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws

Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices. This includes updates for 12 security vulnerabilities in iOS and iPadOS spanning AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari

CVE-2023-42927: About the security content of iOS 17.2 and iPadOS 17.2

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2. An app may be able to access sensitive user data.

CVE-2023-42926: About the security content of macOS Sonoma 14.2

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

CVE-2023-42890: About the security content of Safari 17.2

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution.

CVE-2023-42932: About the security content of macOS Ventura 13.6.3

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access protected user data.

CVE-2023-36650: CVCN

A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages.

CVE-2021-3187: Privilege Management Release Notes

An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.)