Category Archives: Advisories

APPLE-SA-2022-05-16-6 tvOS 15.5

Read Time:26 Second

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-2022-05-16-6 tvOS 15.5

tvOS 15.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213254.

AppleAVD
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-26702: an anonymous…

Read More

APPLE-SA-2022-05-16-5 watchOS 8.6

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-2022-05-16-5 watchOS 8.6

watchOS 8.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213253.

AppleAVD
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-26702: an anonymous researcher

AppleAVD…

Read More

APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6

Read Time:27 Second

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6

macOS Big Sur 11.6.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213256.

apache
Available for: macOS Big Sur
Impact: Multiple issues in apache
Description: Multiple issues were addressed by updating apache to
version 2.4.53.
CVE-2021-44224
CVE-2021-44790
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721

AppKit
Available for: macOS…

Read More

APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5

Read Time:27 Second

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5

iOS 15.5 and iPadOS 15.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213258.

AppleAVD
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel…

Read More

APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina

Read Time:25 Second

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina

Security Update 2022-004 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213255.

apache
Available for: macOS Catalina
Impact: Multiple issues in apache
Description: Multiple issues were addressed by updating apache to
version 2.4.53.
CVE-2021-44224
CVE-2021-44790
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721…

Read More

APPLE-SA-2022-05-16-7 Safari 15.5

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-2022-05-16-7 Safari 15.5

Safari 15.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213260.

WebKit
Available for: macOS Big Sur and macOS Catalina
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238178
CVE-2022-26700: ryuzaki

WebKit…

Read More

APPLE-SA-2022-05-16-8 Xcode 13.4

Read Time:25 Second

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-2022-05-16-8 Xcode 13.4

Xcode 13.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213261.

Git
Available for: macOS Monterey 12 or later
Impact: On multi-user machines Git users might find themselves
unexpectedly in a Git worktree
Description: A logic issue was addressed with improved state
management.
CVE-2022-24765: 俞晨东

IDE
Available for: macOS Monterey 12…

Read More

CVE-2022-24108: OpenCart’s plugin “So Listing Tabs” <= 2.2.0 Deserialization of Untrusted Data

Read Time:20 Second

Posted by Denis Mironov on May 16

[-] Affected Versions:

Version 2.2.0 is affected, and prior versions are likely affected too.

[-] Vulnerabilities Description:

Vulnerable component is switching to another tab. To exploit
vulnerability, an attacker may send a POST request (with
application/x-www-form-urlencoded content-type) to AJAX endpoint
(usually “/index.php”) with “is_ajax_listing_tabs” parameter set to
“1” and “setting” parameter…

Read More

DSA-5137 needrestart – security update

Read Time:16 Second

Jakub Wilk discovered a local privilege escalation in needrestart, a
utility to check which daemons need to be restarted after library
upgrades. Regular expressions to detect the Perl, Python, and Ruby
interpreters are not anchored, allowing a local user to escalate
privileges when needrestart tries to detect if interpreters are using
old source files.

Read More