APPLE-SA-01-27-2025-7 watchOS 11.3

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-7 watchOS 11.3

watchOS 11.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122071.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AirPlay
Available for: Apple Watch Series 6 and later
Impact: An attacker on the local network may be able to cause unexpected
system…

APPLE-SA-01-27-2025-6 macOS Ventura 13.7.3

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-6 macOS Ventura 13.7.3

macOS Ventura 13.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122070.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to access sensitive user data…

APPLE-SA-01-27-2025-5 macOS Sonoma 14.7.3

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-5 macOS Sonoma 14.7.3

macOS Sonoma 14.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122069.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AirPlay
Available for: macOS Sonoma
Impact: A remote attacker may cause an unexpected application
termination or…

APPLE-SA-01-27-2025-4 macOS Sequoia 15.3

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-4 macOS Sequoia 15.3

macOS Sequoia 15.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122068.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AirPlay
Available for: macOS Sequoia
Impact: An attacker on the local network may be able to cause unexpected
system…

APPLE-SA-01-27-2025-3 iPadOS 17.7.4

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-3 iPadOS 17.7.4

iPadOS 17.7.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122067.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AirPlay
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
and iPad 6th generation
Impact: A remote attacker may…

APPLE-SA-01-27-2025-2 iOS 18.3 and iPadOS 18.3

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-2 iOS 18.3 and iPadOS 18.3

iOS 18.3 and iPadOS 18.3 address the following issues.
Information about the security content is also available at
https://support.apple.com/122066.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and…

APPLE-SA-01-27-2025-1 visionOS 2.3

Posted by Apple Product Security via Fulldisclosure on Jan 27

APPLE-SA-01-27-2025-1 visionOS 2.3

visionOS 2.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122073.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AirPlay
Available for: Apple Vision Pro
Impact: An attacker on the local network may be able to cause unexpected
system termination or…

AutoLib Software Systems OPAC Version.20.10 | Exposure of Sensitive Information | CVE-2024-48310

Posted by Shaikh Shahnawaz on Jan 27

[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC
[+] twitter.com/_striv3r_

[Vendor]
Autolib-india
http://autolib-india.net/products.php

[Product]
AutoLib Software Systems OPAC Version.20.10

[Affected Component]
main.js file

[CVE Reference]
CVE-2024-48310

[Security Issue]
AutoLib Software Systems OPAC v20.10 was discovered to have multiple API
keys exposed within the source code. Attackers may use these keys to…

SEC Consult SA-20250127-0 :: Weak Password Hashing Algorithms in Wind River Software VxWorks RTOS

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jan 27

SEC Consult Vulnerability Lab Security Advisory < 20250127-0 >
=======================================================================
title: Weak Password Hashing Algorithms
product: Wind River Software VxWorks RTOS
vulnerable version: >= VxWorks 6.9
fixed version: not available
CVE number: no CVE assigned by Wind River
impact: High
homepage:…

Host Header Injection – atutorv2.2.4

Posted by Andrey Stoykov on Jan 27

# Exploit Title: Host Header Injection – atutorv2.2.4
# Date: 01/2025
# Exploit Author: Andrey Stoykov
# Version: 2.2.4
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2025/01/friday-fun-pentest-series-18-host.html

Description:

– It was found that the application had a Host Header Injection
vulnerability.

Host Header Injection #1:

Steps to Reproduce:

1. Visit specific page of the application
2. Intercept the HTTP GET/POST…
