Post Content
Category Archives: Advisories
GLSA 202210-34: Mozilla Firefox: Multiple Vulnerabilities
GLSA 202210-42: zlib: Multiple vulnerabilities
APPLE-SA-2022-10-27-15 Additional information for APPLE-SA-2022-10-24-7 Safari 16.1
Posted by Apple Product Security via Fulldisclosure on Oct 30
APPLE-SA-2022-10-27-15 Additional information for APPLE-SA-2022-10-24-7 Safari 16.1
Safari 16.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213495.
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 243693…
APPLE-SA-2022-10-27-14 Additional information for APPLE-SA-2022-09-12-5 Safari 16
Posted by Apple Product Security via Fulldisclosure on Oct 30
APPLE-SA-2022-10-27-14 Additional information for APPLE-SA-2022-09-12-5 Safari 16
Safari 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213442.
Safari Extensions
Available for: macOS Big Sur and macOS Monterey
Impact: A website may be able to track users through Safari web
extensions
Description: A logic issue was addressed with improved state
management.
WebKit…
APPLE-SA-2022-10-27-13 watchOS 9
Posted by Apple Product Security via Fulldisclosure on Oct 30
APPLE-SA-2022-10-27-13 watchOS 9
watchOS 9 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213486.
Accelerate Framework
Available for: Apple Watch Series 4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2022-42795: ryuzaki
AppleAVD…
APPLE-SA-2022-10-27-12 Additional information for APPLE-SA-2022-10-24-5 watchOS 9.1
Posted by Apple Product Security via Fulldisclosure on Oct 30
APPLE-SA-2022-10-27-12 Additional information for APPLE-SA-2022-10-24-5 watchOS 9.1
watchOS 9.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213491.
AppleMobileFileIntegrity
Available for: Apple Watch Series 4 and later
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements….
APPLE-SA-2022-10-27-11 tvOS 16
Posted by Apple Product Security via Fulldisclosure on Oct 30
APPLE-SA-2022-10-27-11 tvOS 16
tvOS 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213487.
Accelerate Framework
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2022-42795:…
APPLE-SA-2022-10-27-10 Additional information for APPLE-SA-2022-10-24-6 tvOS 16.1
Posted by Apple Product Security via Fulldisclosure on Oct 30
APPLE-SA-2022-10-27-10 Additional information for APPLE-SA-2022-10-24-6 tvOS 16.1
tvOS 16.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213492.
AppleMobileFileIntegrity
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing…
APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7
Posted by Apple Product Security via Fulldisclosure on Oct 30
APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7
macOS Big Sur 11.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213443.
AppleMobileFileIntegrity
Available for: macOS Big Sur
Impact: An app may be able to access user-sensitive data
Description: An issue in code signature validation was addressed with
improved checks….