Posted by Apple Product Security via Fulldisclosure on Nov 15
APPLE-SA-2022-11-09-2 macOS Ventura 13.0.1
macOS Ventura 13.0.1 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213504.
libxml2
Available for: macOS Ventura
Impact: A remote user may be able to cause unexpected app termination
or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2022-40303: Maddie Stone of Google…
Posted by Apple Product Security via Fulldisclosure on Nov 15
APPLE-SA-2022-11-09-1 iOS 16.1.1 and iPadOS 16.1.1
iOS 16.1.1 and iPadOS 16.1.1 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213505.
libxml2
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: A remote user may be able to cause unexpected app termination…
Threat: HEUR:Trojan.MSIL.Agent.gen
Vulnerability: Information Disclosure
Description: the malware runs an HTTP service on port 19334. Attackers who
can reach an infected host can make HTTP GET requests to download and or
stat arbitrary files…
Threat: Backdoor.Win32.Aphexdoor.LiteSock
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: The malware drops an extensionless PE file named “3” which
listens on TCP port 1080. Third-party attackers who can reach an…
This report is being published within a coordinated disclosure
procedure. The researcher has been in contact with the vendor
but not received a satisfactory response within a given time
frame. As the attack complexity is low and exploits have already
been published by a third party there must be no further delay
in making the threads publicly known.
The researcher prefers not to take credit for their findings.
