Hiroyuki Yamamori discovered that rsh incorrectly handled certain
filenames. If a user or automated system were tricked into connecting to a
malicious rsh server, a remote attacker could possibly use this issue to
modify directory permissions.
Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.
GarageBand is an audio tool
iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
Logic Pro X is a digital audio workstation
macOS Monterey is the 18th and current major release of macOS.
macOS Big Sur is the 17th release of macOS.
macOS Catalina is the 16th major release of macOS
watchOS is the mobile operating system for Apple Watch and is based on the iOS operating system.
tvOS is an operating system for fourth-generation Apple TV digital media player.
Xcode is Apple’s integrated development environment for macOS
Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.
cabal-rpm-2.0.11-1.fc34
take build-tool-depends into account (#65)
‘spec’,’update’: detect autorelease and preserve autochangelog (#66)
‘spec –standalone’: strip executable
support _builddir
cabal-rpm-2.0.11-1.fc35
take build-tool-depends into account (#65)
‘spec’,’update’: detect autorelease and preserve autochangelog (#66)
‘spec –standalone’: strip executable
support _builddir
Posted by Apple Product Security via Fulldisclosure on Mar 14
APPLE-SA-2022-03-14-4 macOS Monterey 12.3
macOS Monterey 12.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213183.
Accelerate Framework
Available for: macOS Monterey
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state…
Posted by Apple Product Security via Fulldisclosure on Mar 14
APPLE-SA-2022-03-14-2 watchOS 8.5
watchOS 8.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213193.
Accelerate Framework
Available for: Apple Watch Series 3 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state…
Posted by Apple Product Security via Fulldisclosure on Mar 14
APPLE-SA-2022-03-14-1 iOS 15.4 and iPadOS 15.4
iOS 15.4 and iPadOS 15.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213182.
Accelerate Framework
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Opening a maliciously crafted PDF file may lead to…
Posted by Apple Product Security via Fulldisclosure on Mar 14
APPLE-SA-2022-03-14-3 tvOS 15.4
tvOS 15.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213186.
AppleAVD
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-22666: Marc Schoenefeld, Dr. rer. nat.
AVEVideoEncoder…
Posted by Apple Product Security via Fulldisclosure on Mar 14
APPLE-SA-2022-03-14-5 macOS Big Sur 11.6.5
macOS Big Sur 11.6.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213184.
Accelerate Framework
Available for: macOS Big Sur
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state…
Posted by Apple Product Security via Fulldisclosure on Mar 14
APPLE-SA-2022-03-14-10 iTunes 12.12.3 for Windows
iTunes 12.12.3 for Windows addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213188.
ImageIO
Available for: Windows 10 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2022-22611: Xingyu Jin of…
