Posted by malvuln on Oct 30

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/b3b19524967d22d6eb7517b03b660b00.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Delf.arh
Vulnerability: Authentication Bypass
Description: The malware runs an FTP server. Third-party adversarys who
can reach infected systems can logon using any username/password
combination. Intruders may then…

Read More

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1

macOS Big Sur 11.7.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213493.

AppleMobileFileIntegrity
Available for: macOS Big Sur
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)

Ruby
Available…

Read More

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1

macOS Monterey 12.6.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213494.

AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)

Ruby…

Read More

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-24-2 macOS Ventura 13

macOS Ventura 13 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213488.

Accelerate Framework
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: Processing a maliciously…

Read More

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16

iOS 16.1 and iPadOS 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213489.

AppleMobileFileIntegrity
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to modify protected parts of the file…

Read More

FEDORA-2022-667ee398b1

Packages in this update:

mingw-binutils-2.38-5.fc37

Update description:

Backport fixes for CVE-2021-3826 and CVE-2022-38533.

Read More

FEDORA-2022-19538a3732

Packages in this update:

mingw-binutils-2.37-5.fc36

Update description:

Backport fixes for CVE-2021-3826 and CVE-2022-38533.

Read More

FEDORA-2022-affcf9eea6

Packages in this update:

mingw-gdb-12.1-2.fc36

Update description:

Update to 12.1, fixes CVE-2021-3826.

Read More

A heap use-after-free vulnerability after overeager destruction of a
shared DTD in the XML_ExternalEntityParserCreate function in Expat, an
XML parsing C library, may result in denial of service or potentially
the execution of arbitrary code.

Read More

Nicky Mouha discovered a buffer overflow in sha3, a Python library for
the SHA-3 hashing functions.

Read More