APPLE-SA-10-25-2023-1 iOS 17.1 and iPadOS 17.1


Posted by Apple Product Security via Fulldisclosure on Oct 25

APPLE-SA-10-25-2023-1 iOS 17.1 and iPadOS 17.1

iOS 17.1 and iPadOS 17.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213982.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Contacts
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro…


Ringzer0 Bootstrap24 CFP Now Open


Posted by Steve Lord on Oct 25

-o- Ringzer0 BOOTSTRAP24 Austin Call For Papers -o-

## Dates, Deadlines and Venue:

– BOOTSTRAP24 Conference: 24 February 2024
– BOOTLOADER Mixer Evening: 23 February 2024
– CFP Closes 3 November 2023
– Final Selection by 5 November 2023
– Talks and Workshops should be submitted to
https://cfp.ringzer0.training/ringzer0-bootstrap24-austin/cfp

## About Ringzer0 BOOTSTRAP24 Austin

– All new hacker conference heavy on hands-on participation!
– A…


CVE-2022-3698


A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.


CVE-2022-0353


A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.


USN-6453-1: X.Org X Server vulnerabilities


Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
prepending values to certain properties. An attacker could possibly use
this issue to cause the X Server to crash, execute arbitrary code, or
escalate privileges. (CVE-2023-5367)

Sri discovered that the X.Org X Server incorrectly handled destroying
windows in certain legacy multi-screen setups. An attacker could possibly
use this issue to cause the X Server to crash, execute arbitrary code, or
escalate privileges. (CVE-2023-5380)


USN-6452-1: Vim vulnerabilities


It was discovered that Vim could be made to divide by zero. An attacker
could possibly use this issue to cause a denial of service. This issue
only affected Ubuntu 23.04. (CVE-2023-3896)

It was discovered that Vim did not properly manage memory. An attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. (CVE-2023-4733, CVE-2023-4750)

It was discovered that Vim contained an arithmetic overflow. An attacker
could possibly use this issue to cause a denial of service. This issue
only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.
(CVE-2023-4734)

It was discovered that Vim could be made to write out of bounds. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. (CVE-2023-4735, CVE-2023-5344)

It was discovered that Vim could be made to write out of bounds. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 23.04 and Ubuntu
23.10. (CVE-2023-4738)

It was discovered that Vim could be made to write out of bounds. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu
16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 23.04. (CVE-2023-4751)

It was discovered that Vim did not properly manage memory. An attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04
LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-4752, CVE-2023-5535)

It was discovered that Vim could be made to write out of bounds. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu
22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-4781)

It was discovered that Vim could be made to dereference invalid memory. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2023-5441)


A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution


A vulnerability has been discovered in Google Chrome which could allow for arbitrary code execution. ChromeOS is a Linux-based operating system developed and designed by Google. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
