Posted by Apple Product Security via Fulldisclosure on Jan 26
APPLE-SA-01-22-2024-4 iOS 15.8.1 and iPadOS 15.8.1
iOS 15.8.1 and iPadOS 15.8.1 addresses the following issues.
Information about the security content is also available at https://support.apple.com/kb/HT214062.
Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE
(1st generation),…

Posted by Apple Product Security via Fulldisclosure on Jan 26
APPLE-SA-01-22-2024-3 iOS 16.7.5 and iPadOS 16.7.5
iOS 16.7.5 and iPadOS 16.7.5 addresses the following issues.
Information about the security content is also available at https://support.apple.com/kb/HT214063.
Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Posted by Apple Product Security via Fulldisclosure on Jan 26
APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3
iOS 17.3 and iPadOS 17.3 addresses the following issues.
Information about the security content is also available at https://support.apple.com/kb/HT214059.
Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone XS and later,
iPad Pro…

Posted by Valentin Lobstein via Fulldisclosure on Jan 26
CVE ID: CVE-2024-22903
Title: Command Injection Vulnerability in SystemHandler.class.php of Vinchin Backup & Recovery Versions 7.2 and Earlier
Description:
A significant security vulnerability, CVE-2024-22903, has been identified in the `deleteUpdateAPK` function within the
`SystemHandler.class.php` file of Vinchin Backup & Recovery software, affecting versions 7.2 and earlier. This
function, designed to delete APK files, is prone to…

Suggested Description:
Vinchin Backup & Recovery version 7.2 has been identified as being configured with default root credentials, posing a
significant security vulnerability.
Additional Information:
There is no documentation or guidance from Vinchin on changing the root password for this version. The use of password
authentication…

Posted by Valentin Lobstein via Fulldisclosure on Jan 26
CVE ID: CVE-2024-22899
Title: Command Injection Vulnerability in Vinchin Backup and Recovery’s syncNtpTime Function in Versions 7.2 and Earlier
Description:
A critical security vulnerability, identified as CVE-2024-22899, has been discovered in the `syncNtpTime` function of
Vinchin Backup and Recovery software. This issue affects versions 7.2 and earlier. The function, part of the
`SystemHandler.class.php` file, is designed for…

Title: Command Injection Vulnerability in Vinchin Backup and Recovery Versions 7.2 and Earlier
Description:
A critical security vulnerability, identified as CVE-2024-22900, has been discovered in Vinchin Backup and Recovery
software, affecting versions 7.2 and earlier. The vulnerability is present in the `setNetworkCardInfo` function, which
is intended to update network card information.

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths
supplied to the `sendmail` proxy command. This allows local users to read
and write arbitrary files of certain file formats outside the…