Posted by Apple Product Security via Fulldisclosure on Mar 14

APPLE-SA-2022-03-14-7 Xcode 13.3

Xcode 13.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213189.

iTMSTransporter
Available for: macOS Monterey 12 and later
Impact: Multiple issues in iTMSTransporter
Description: Multiple issues were addressed with updating FasterXML
jackson-databind and Apache Log4j2.
CVE-2019-14379
CVE-2021-44228

otool
Available for: macOS Monterey 12…

Read More

Posted by Apple Product Security via Fulldisclosure on Mar 14

APPLE-SA-2022-03-14-6 Security Update 2022-003 Catalina

Security Update 2022-003 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213185.

AppleGraphicsControl
Available for: macOS Catalina
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22631: an anonymous…

Read More

Posted by Apple Product Security via Fulldisclosure on Mar 14

APPLE-SA-2022-03-14-9 GarageBand 10.4.6

GarageBand 10.4.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213191.

MIDI
Available for: macOS Big Sur 11.5 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory initialization issue was addressed with
improved memory handling….

Read More

Posted by Apple Product Security via Fulldisclosure on Mar 14

APPLE-SA-2022-03-14-8 Logic Pro X 10.7.3

Logic Pro X 10.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213190. You can encrypt communications with Apple using the Apple Product
Security PGP Key.
Apple security documents reference vulnerabilities by CVE-ID when
possible.

MIDI
Available for: macOS Big Sur 11.5 and later
Impact: Opening a maliciously crafted file may lead…

Read More

Posted by malvuln on Mar 14

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/c4cc1317aea42f7dd4a1b786c5278a24.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Hades RAT – Web Panel
Vulnerability: Insecure Credential Storage
Family: Hades
Type: WebUI
MD5: c4cc1317aea42f7dd4a1b786c5278a24
MD5: a117b7fa4691b766dd5aa6455438fded (strings.ini)
Vuln ID: MVID-2022-0512
Disclosure: 03/13/2022
Description: The…

Read More

Posted by malvuln on Mar 14

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/baf102927947289e4d589028620ce291.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: RedLine.MainPanel – cracked.exe
Vulnerability: Insecure Permissions
Description: The malware writes PE files with insecure permissions to c
drive granting change (C) permissions to the authenticated user group.
Standard users can rename the…

Read More

Posted by Kelvin Yip on Mar 14

Hi Team,

Here is the exploit information for CVE-2021-45040.

Below is summary of timeline for reference:

1. Contact developer (security contact: Freek) regarding the vulnerability at Mon 12/13/2021 11:42 AM (GMT+8)
2. Contact CERT.org at Mon 12/13/2021 10:36 PM
3. Submit CVE Request to Mitre at Mon 12/13/2021 11:30 PM
4. No response from vendor until now.
5. Possible solution had been documented by our research team:…

Read More

FEDORA-2022-0b216519ff

Packages in this update:

cabal-rpm-2.0.11-1.fc36

Update description:

take build-tool-depends into account (#65)
‘spec’,’update’: detect autorelease and preserve autochangelog (#66)
‘spec –standalone’: strip executable
support _builddir

Read More

Tavis Ormandy discovered that the BN_mod_sqrt() function of OpenSSL
could be tricked into an infinite loop. This could result in denial of
service via malformed certificates.

Read More

Post Content

Read More