Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
In episode nine of “The AI Fix”, our hosts learn about the world’s most dangerous vending machine, a cartoonist who hypnotises himself with AI, and OpenAI’s plans to eat Google’s lunch.
Graham tells Mark about a pig-farming professor, and Mark tests Graham’s tolerance with OpenAI’s terrifying roadmap to Artificial General Intelligence.
All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.
It was discovered that the Python ssl module contained a memory race
condition when handling the APIs to obtain the CA certificates and
certificate store statistics. This could possibly result in applications
obtaining wrong results, leading to various SSL issues. (CVE-2024-0397)
It was discovered that the Python ipaddress module contained incorrect
information about which IP address ranges were considered “private” or
“globally reachable”. This could possibly result in applications applying
incorrect security policies. (CVE-2024-4032)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM SCMI message protocol;
– InfiniBand drivers;
– TTY drivers;
– TLS protocol;
(CVE-2022-48655, CVE-2024-36016, CVE-2024-26584, CVE-2021-47131,
CVE-2024-26907, CVE-2024-26585, CVE-2024-26583)
