Category Archives: Advisories

ZDI-24-664: (Pwn2Own) Mozilla Firefox SpiderMonkey JIT Compiler Out-Of-Bounds Write Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 5.4. The following CVEs are assigned: CVE-2024-29943.

Read More

APPLE-SA-06-10-2024-1 visionOS 1.2

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Jun 11

APPLE-SA-06-10-2024-1 visionOS 1.2

visionOS 1.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214108.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreMedia
Available for: Apple Vision Pro
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description:…

Read More

Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

Read Time:1 Minute, 20 Second

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.

Adobe Photoshop is a raster graphics editor.
Adobe Experience Manager (AEM) is a comprehensive content management solution for building websites, mobile apps, and forms.
Adobe Audition is a comprehensive toolset that includes multitrack, waveform, and spectral display for creating, mixing, editing, and restoring audio content.
Adobe Media Encoder is an audio/video media processing program that allows users to convert files into other types of files.
Adobe FrameMaker Publishing Server is an enterprise software to automate multichannel publishing that lets you access publishing services remotely and output technical content in multiple formats and as mobile apps.
Adobe Commerce is a flexible and scalable commerce platform that lets you create personalized B2B and B2C experiences.
Adobe ColdFusion is a commercial rapid web-application development computing platform.
Adobe Substance 3D Stager a professional staging tool for scene design and rendering.
Adobe Creative Cloud is an assortment of applications and services created by Adobe that is ideal for photography, videography, design, and PDF creation.
Adobe Acrobat is a family of application software and Web services.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights

Read More

Critical Patches Issued for Microsoft Products, June 11, 2024

Read Time:24 Second

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution

Read Time:37 Second

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More