Category Archives: Advisories

APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Jul 21

APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina

Security Update 2022-005 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213343.

APFS
Available for: macOS Catalina
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir…

Read More

APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8

Read Time:25 Second

Posted by Apple Product Security via Fulldisclosure on Jul 21

APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8

macOS Big Sur 11.6.8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213344.

APFS
Available for: macOS Big Sur
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir (@Muirey03)…

Read More

APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6

Read Time:28 Second

Posted by Apple Product Security via Fulldisclosure on Jul 21

APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6

iOS 15.6 and iPadOS 15.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213346.

APFS
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app with root privileges may be able to execute arbitrary
code…

Read More

Open-Xchange Security Advisory 2022-07-21

Read Time:22 Second

Posted by Martin Heiland via Fulldisclosure on Jul 21

Dear subscribers,

we’re sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: DOCS-4106
Vulnerability type: OS Command Injection (CWE-78)
Vulnerable…

Read More

Backdoor.Win32.Eclipse.h / Weak Hardcoded Credentials

Read Time:19 Second

Posted by malvuln on Jul 21

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/8b470931114527b4dce42034a95ebf46.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Eclipse.h
Vulnerability: Weak Hardcoded Credentials
Family: Eclipse
Type: PE32
MD5: 8b470931114527b4dce42034a95ebf46
Vuln ID: MVID-2022-0625
Disclosure: 07/21/2022
Description: The malware listens on TCP port 6210 and…

Read More

golang-github-distribution-3-2.8.0~beta.1-3.20220203gitb609265.fc36 golang-github-facebook-time-0-0.9.20220615git8413c32.fc36 golang-github-hpcloud-tail-1.0.0-11.20190325gita1dbeea.fc36 golang-github-stomp-3-3.0.2-4.fc36 onionscan-0.2-12.fc36

Read Time:27 Second

FEDORA-2022-4b5537c44c

Packages in this update:

golang-github-distribution-3-2.8.0~beta.1-3.20220203gitb609265.fc36
golang-github-facebook-time-0-0.9.20220615git8413c32.fc36
golang-github-hpcloud-tail-1.0.0-11.20190325gita1dbeea.fc36
golang-github-stomp-3-3.0.2-4.fc36
onionscan-0.2-12.fc36

Update description:

Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang

See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.

Read More

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

Read Time:58 Second

Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.

iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
macOS Catalina is the 16th major release of macOS
macOS Big Sur is the 17th release of macOS.
macOS Monterey is the 18th and current major release of macOS.
Safari is a graphical web browser developed by Apple.
tvOS is an operating system for fourth-generation Apple TV digital media player.
watchOS is the mobile operating system for Apple Watch and is based on the iOS operating system.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More