Category Archives: Advisories

APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1

macOS Monterey 12.6.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213494.

AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements….

Read More

APPLE-SA-2022-10-24-7 Safari 16.1

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-24-7 Safari 16.1

Safari 16.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213495.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 243693
CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee…

Read More

APPLE-SA-2022-10-24-6 tvOS 16.1

Read Time:25 Second

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-24-6 tvOS 16.1

tvOS 16.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213492.

AppleMobileFileIntegrity
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin…

Read More

APPLE-SA-2022-10-24-5 watchOS 9.1

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-24-5 watchOS 9.1

watchOS 9.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213491.

AppleMobileFileIntegrity
Available for: Apple Watch Series 4 and later
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)

AVEVideoEncoder…

Read More

Email-Worm.Win32.Kipis.c / Remote File Write Code Execution

Read Time:21 Second

Posted by malvuln on Oct 30

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/8d0df60c96e4011c312d61ed3e6dc70e.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Email-Worm.Win32.Kipis.c
Vulnerability: Remote File Write Code Execution
Description: The malware listens on TCP port 8297. Third-party adversaries
who can reach the infected host can write executable code to a file named…

Read More

Backdoor.Win32.Psychward.10 / Unauthenticated Remote Command Execution

Read Time:19 Second

Posted by malvuln on Oct 30

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/70c5f8d61f6ac67091c0c5860e456427.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Psychward.10
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 13013. Third-party adversarys
who can reach infected systems can issue various commands made available by…

Read More

Backdoor.Win32.Delf.arh / Authentication Bypass

Read Time:19 Second

Posted by malvuln on Oct 30

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/b3b19524967d22d6eb7517b03b660b00.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Delf.arh
Vulnerability: Authentication Bypass
Description: The malware runs an FTP server. Third-party adversarys who
can reach infected systems can logon using any username/password
combination. Intruders may then…

Read More

APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1

Read Time:25 Second

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1

macOS Big Sur 11.7.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213493.

AppleMobileFileIntegrity
Available for: macOS Big Sur
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)

Ruby
Available…

Read More

APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1

macOS Monterey 12.6.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213494.

AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)

Ruby…

Read More

APPLE-SA-2022-10-24-2 macOS Ventura 13

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-24-2 macOS Ventura 13

macOS Ventura 13 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213488.

Accelerate Framework
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: Processing a maliciously…

Read More