Posted by Apple Product Security via Fulldisclosure on Sep 12

APPLE-SA-2022-09-12-5 Safari 16

Safari 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213442.

Safari Extensions
Available for: macOS Big Sur and macOS Monterey
Impact: A website may be able to track users through Safari web
extensions
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 242278
CVE-2022-32868: Michael

WebKit…

Read More

Posted by Apple Product Security via Fulldisclosure on Sep 12

APPLE-SA-2022-09-12-4 macOS Monterey 12.6

macOS Monterey 12.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213444.

ATS
Available for: macOS Monterey
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved state
management.
CVE-2022-32902: Mickey Jin (@patch1t)

iMovie
Available for: macOS Monterey
Impact: A user may…

Read More

Posted by Apple Product Security via Fulldisclosure on Sep 12

APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7

iOS 15.7 and iPadOS 15.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213445.

Contacts
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to bypass Privacy preferences
Description:…

Read More

Posted by Apple Product Security via Fulldisclosure on Sep 12

APPLE-SA-2022-09-12-1 iOS 16

iOS 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213446.

Additional CVE entries to be added soon.

Contacts
Available for: iPhone 8 and later
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved checks.
CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security

Kernel
Available…

Read More

Posted by Moritz Bechler on Sep 12

Advisory ID: SYSS-2022-041
Product: JasperReports Server
Manufacturer: TIBCO Software Inc.
Tested Version(s): 8.0.2 Community Edition
Vulnerability Type: CWE-502: Deserialization of Untrusted Data
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2022-06-10
Solution Date: 2022-08-10
Public Disclosure: 2022-09-09
CVE Reference:…

Read More

Posted by Daniel Wood via Fulldisclosure on Sep 12

The Unqork Security team discovered multiple security vulnerabilities in
the Qualys Cloud Agent, to include arbitrary code execution.

CVE-2022-29549 (Arbitrary Code Execution)
https://nvd.nist.gov/vuln/detail/CVE-2022-29549

CVE-2022-29550 (Sensitive Information Disclosure)
https://nvd.nist.gov/vuln/detail/CVE-2022-29550

Read more:
https://www.unqork.com/resources/unqork-and-qualys-partner-to-resolve-zero-day-vulnerabilities…

Read More