Category Archives: Advisories

APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6

macOS Monterey 12.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213444.

AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to access user-sensitive data
Description: An issue in code signature validation was addressed with
improved checks….

Read More

APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1

macOS Monterey 12.6.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213494.

AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements….

Read More

APPLE-SA-2022-10-24-7 Safari 16.1

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-24-7 Safari 16.1

Safari 16.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213495.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 243693
CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee…

Read More

APPLE-SA-2022-10-24-6 tvOS 16.1

Read Time:25 Second

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-24-6 tvOS 16.1

tvOS 16.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213492.

AppleMobileFileIntegrity
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin…

Read More

APPLE-SA-2022-10-24-5 watchOS 9.1

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-24-5 watchOS 9.1

watchOS 9.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213491.

AppleMobileFileIntegrity
Available for: Apple Watch Series 4 and later
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)

AVEVideoEncoder…

Read More

Email-Worm.Win32.Kipis.c / Remote File Write Code Execution

Read Time:21 Second

Posted by malvuln on Oct 30

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/8d0df60c96e4011c312d61ed3e6dc70e.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Email-Worm.Win32.Kipis.c
Vulnerability: Remote File Write Code Execution
Description: The malware listens on TCP port 8297. Third-party adversaries
who can reach the infected host can write executable code to a file named…

Read More

Backdoor.Win32.Psychward.10 / Unauthenticated Remote Command Execution

Read Time:19 Second

Posted by malvuln on Oct 30

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/70c5f8d61f6ac67091c0c5860e456427.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Psychward.10
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 13013. Third-party adversarys
who can reach infected systems can issue various commands made available by…

Read More

Backdoor.Win32.Delf.arh / Authentication Bypass

Read Time:19 Second

Posted by malvuln on Oct 30

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/b3b19524967d22d6eb7517b03b660b00.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Delf.arh
Vulnerability: Authentication Bypass
Description: The malware runs an FTP server. Third-party adversarys who
can reach infected systems can logon using any username/password
combination. Intruders may then…

Read More

APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1

Read Time:25 Second

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1

macOS Big Sur 11.7.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213493.

AppleMobileFileIntegrity
Available for: macOS Big Sur
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)

Ruby
Available…

Read More

APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1

macOS Monterey 12.6.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213494.

AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)

Ruby…

Read More