This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must connect a malicious Bluetooth device.
Yearly Archives: 2023
ZDI-23-384: Microsoft Office Word DOCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-385: Microsoft Office Word SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-380: Microsoft Azure Machine Learning Service DSIMountAgent Missing Authentication Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on Microsoft Azure. Authentication is not required to exploit this vulnerability.
APPLE-SA-2023-04-10-3 macOS Big Sur 11.7.6
Posted by Apple Product Security via Fulldisclosure on Apr 10
APPLE-SA-2023-04-10-3 macOS Big Sur 11.7.6
macOS Big Sur 11.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213725.
IOSurfaceAccelerator
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel
privileges. Apple is aware of a report that this issue may have been
actively exploited.
Description: An out-of-bounds write issue was…
APPLE-SA-2023-04-10-1 iOS 15.7.5 and iPadOS 15.7.5
Posted by Apple Product Security via Fulldisclosure on Apr 10
APPLE-SA-2023-04-10-1 iOS 15.7.5 and iPadOS 15.7.5
iOS 15.7.5 and iPadOS 15.7.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213723.
IOSurfaceAccelerator
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod
touch (7th generation)
Impact: An app may be able to execute arbitrary code with…
APPLE-SA-2023-04-10-2 macOS Monterey 12.6.5
Posted by Apple Product Security via Fulldisclosure on Apr 10
APPLE-SA-2023-04-10-2 macOS Monterey 12.6.5
macOS Monterey 12.6.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213724.
IOSurfaceAccelerator
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges. Apple is aware of a report that this issue may have been
actively exploited.
Description: An out-of-bounds write issue was…
APPLE-SA-2023-04-07-3 Safari 16.4.1
Posted by Apple Product Security via Fulldisclosure on Apr 10
APPLE-SA-2023-04-07-3 Safari 16.4.1
Safari 16.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213722.
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A use after free issue was addressed…
APPLE-SA-2023-04-07-2 macOS Ventura 13.3.1
Posted by Apple Product Security via Fulldisclosure on Apr 10
APPLE-SA-2023-04-07-2 macOS Ventura 13.3.1
macOS Ventura 13.3.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213721.
IOSurfaceAccelerator
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges. Apple is aware of a report that this issue may have been
actively exploited.
Description: An out-of-bounds write issue was…
APPLE-SA-2023-04-07-1 iOS 16.4.1 and iPadOS 16.4.1
Posted by Apple Product Security via Fulldisclosure on Apr 10
APPLE-SA-2023-04-07-1 iOS 16.4.1 and iPadOS 16.4.1
iOS 16.4.1 and iPadOS 16.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213720.
IOSurfaceAccelerator
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to execute arbitrary code…