Category Archives: Advisories

APPLE-SA-2022-03-14-10 iTunes 12.12.3 for Windows

Read Time:25 Second

Posted by Apple Product Security via Fulldisclosure on Mar 14

APPLE-SA-2022-03-14-10 iTunes 12.12.3 for Windows

iTunes 12.12.3 for Windows addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213188.

ImageIO
Available for: Windows 10 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2022-22611: Xingyu Jin of…

Read More

APPLE-SA-2022-03-14-7 Xcode 13.3

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Mar 14

APPLE-SA-2022-03-14-7 Xcode 13.3

Xcode 13.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213189.

iTMSTransporter
Available for: macOS Monterey 12 and later
Impact: Multiple issues in iTMSTransporter
Description: Multiple issues were addressed with updating FasterXML
jackson-databind and Apache Log4j2.
CVE-2019-14379
CVE-2021-44228

otool
Available for: macOS Monterey 12…

Read More

APPLE-SA-2022-03-14-6 Security Update 2022-003 Catalina

Read Time:23 Second

Posted by Apple Product Security via Fulldisclosure on Mar 14

APPLE-SA-2022-03-14-6 Security Update 2022-003 Catalina

Security Update 2022-003 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213185.

AppleGraphicsControl
Available for: macOS Catalina
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22631: an anonymous…

Read More

APPLE-SA-2022-03-14-9 GarageBand 10.4.6

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Mar 14

APPLE-SA-2022-03-14-9 GarageBand 10.4.6

GarageBand 10.4.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213191.

MIDI
Available for: macOS Big Sur 11.5 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory initialization issue was addressed with
improved memory handling….

Read More

APPLE-SA-2022-03-14-8 Logic Pro X 10.7.3

Read Time:26 Second

Posted by Apple Product Security via Fulldisclosure on Mar 14

APPLE-SA-2022-03-14-8 Logic Pro X 10.7.3

Logic Pro X 10.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213190. You can encrypt communications with Apple using the Apple Product
Security PGP Key.
Apple security documents reference vulnerabilities by CVE-ID when
possible.

MIDI
Available for: macOS Big Sur 11.5 and later
Impact: Opening a maliciously crafted file may lead…

Read More

Hades RAT – Web Panel / Insecure Credential Storage

Read Time:18 Second

Posted by malvuln on Mar 14

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/c4cc1317aea42f7dd4a1b786c5278a24.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Hades RAT – Web Panel
Vulnerability: Insecure Credential Storage
Family: Hades
Type: WebUI
MD5: c4cc1317aea42f7dd4a1b786c5278a24
MD5: a117b7fa4691b766dd5aa6455438fded (strings.ini)
Vuln ID: MVID-2022-0512
Disclosure: 03/13/2022
Description: The…

Read More

RedLine.MainPanel – cracked.exe / Insecure Permissions

Read Time:19 Second

Posted by malvuln on Mar 14

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/baf102927947289e4d589028620ce291.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: RedLine.MainPanel – cracked.exe
Vulnerability: Insecure Permissions
Description: The malware writes PE files with insecure permissions to c
drive granting change (C) permissions to the authenticated user group.
Standard users can rename the…

Read More

CVE-2021-45040 – Laravel Media Library Pro <=2.1.6 – Arbitrary File Upload (Unauthenticated)

Read Time:26 Second

Posted by Kelvin Yip on Mar 14

Hi Team,

Here is the exploit information for CVE-2021-45040.

Below is summary of timeline for reference:

1. Contact developer (security contact: Freek) regarding the vulnerability at Mon 12/13/2021 11:42 AM (GMT+8)
2. Contact CERT.org at Mon 12/13/2021 10:36 PM
3. Submit CVE Request to Mitre at Mon 12/13/2021 11:30 PM
4. No response from vendor until now.
5. Possible solution had been documented by our research team:…

Read More

cabal-rpm-2.0.11-1.fc36

Read Time:11 Second

FEDORA-2022-0b216519ff

Packages in this update:

cabal-rpm-2.0.11-1.fc36

Update description:

take build-tool-depends into account (#65)
‘spec’,’update’: detect autorelease and preserve autochangelog (#66)
‘spec –standalone’: strip executable
support _builddir

Read More