SEC Consult blog :: Microsoft Windows MSI Installer – Repair to SYSTEM – A detailed journey (CVE-2024-38014) + msiscan tool release

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Sep 16

The SEC Consult Vulnerability Lab published a new blog post titled:
“Microsoft Windows MSI Installer – Repair to SYSTEM – A detailed journey”
covering the recent Microsoft September 2024 patch for CVE-2024-38014.

Blog URL:
---------
https://r.sec-consult.com/msi

Author:
-------
Michael Baer, SEC Consult Vulnerability Lab

Abstract:
---------
This article by our researcher Michael Baer for the SEC Consult Vulnerability Lab
will explain…

Stored XSS to Account Takeover – htmlyv2.9.9

Posted by Andrey Stoykov on Sep 16

# Exploit Title: Stored XSS to Account Takeover – htmlyv2.9.9
# Date: 9/2024
# Exploit Author: Andrey Stoykov
# Version: 2.9.9
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/08/friday-fun-pentest-series-9-stored-xss.html

Description:

– It was found that the application suffers from stored XSS

– Low level user having an “author” role can take over admin account and
change their password via posting a malicious…

APPLE-SA-09-16-2024-10 macOS Ventura 13.7

Posted by Apple Product Security via Fulldisclosure on Sep 16

APPLE-SA-09-16-2024-10 macOS Ventura 13.7

macOS Ventura 13.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121234.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accounts
Available for: macOS Ventura
Impact: An app may be able to leak sensitive user information
Description: The…

APPLE-SA-09-16-2024-9 macOS Sonoma 14.7

Posted by Apple Product Security via Fulldisclosure on Sep 16

APPLE-SA-09-16-2024-9 macOS Sonoma 14.7

macOS Sonoma 14.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121247.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accounts
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: The issue was…

APPLE-SA-09-16-2024-8 iOS 17.7 and iPadOS 17.7

Posted by Apple Product Security via Fulldisclosure on Sep 16

APPLE-SA-09-16-2024-8 iOS 17.7 and iPadOS 17.7

iOS 17.7 and iPadOS 17.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121246.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
2nd generation and…

APPLE-SA-09-16-2024-7 Xcode 16

Posted by Apple Product Security via Fulldisclosure on Sep 16

APPLE-SA-09-16-2024-7 Xcode 16

Xcode 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121239.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

IDE Documentation
Available for: macOS Sonoma 14.5 and later
Impact: A malicious application may gain access to a user’s Keychain
items…

APPLE-SA-09-16-2024-6 Safari 18

Posted by Apple Product Security via Fulldisclosure on Sep 16

APPLE-SA-09-16-2024-6 Safari 18

Safari 18 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121241.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The…

APPLE-SA-09-16-2024-5 visionOS 2

Posted by Apple Product Security via Fulldisclosure on Sep 16

APPLE-SA-09-16-2024-5 visionOS 2

visionOS 2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121249.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

APFS
Available for: Apple Vision Pro
Impact: A malicious app with root privileges may be able to modify the
contents of system files…

APPLE-SA-09-16-2024-4 watchOS 11

Posted by Apple Product Security via Fulldisclosure on Sep 16

APPLE-SA-09-16-2024-4 watchOS 11

watchOS 11 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121240.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: Apple Watch Series 6 and later
Impact: An attacker with physical access to a locked device may be able
to…

APPLE-SA-09-16-2024-3 tvOS 18

Posted by Apple Product Security via Fulldisclosure on Sep 16

APPLE-SA-09-16-2024-3 tvOS 18

tvOS 18 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121248.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Game Center
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to access user-sensitive data
Description: A file…
