Category Archives: Advisories

APPLE-SA-03-25-2024-2 macOS Sonoma 14.4.1

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-03-25-2024-2 macOS Sonoma 14.4.1

macOS Sonoma 14.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214096.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreMedia
Available for: macOS Sonoma
Impact: Processing an image may lead to arbitrary code execution…

Read More

APPLE-SA-03-25-2024-3 macOS Ventura 13.6.6

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-03-25-2024-3 macOS Ventura 13.6.6

macOS Ventura 13.6.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214095.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreMedia
Available for: macOS Ventura
Impact: Processing an image may lead to arbitrary code execution…

Read More

APPLE-SA-03-25-2024-4 iOS 17.4.1 and iPadOS 17.4.1

Read Time:27 Second

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-03-25-2024-4 iOS 17.4.1 and iPadOS 17.4.1

iOS 17.4.1 and iPadOS 17.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214097.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreMedia
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad…

Read More

APPLE-SA-03-25-2024-5 iOS 16.7.7 and iPadOS 16.7.7

Read Time:27 Second

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-03-25-2024-5 iOS 16.7.7 and iPadOS 16.7.7

iOS 16.7.7 and iPadOS 16.7.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214098.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreMedia
Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation,
iPad Pro…

Read More

APPLE-SA-03-25-2024-6 visionOS 1.1.1

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-03-25-2024-6 visionOS 1.1.1

visionOS 1.1.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214093.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreMedia
Available for: Apple Vision Pro
Impact: Processing an image may lead to arbitrary code execution
Description: An…

Read More

Escape sequence injection in util-linux wall (CVE-2024-28085)

Read Time:17 Second

Posted by Skyler Ferrante (RIT Student) via Fulldisclosure on Mar 27

Wall-Escape (CVE-2024-28085)

Skyler Ferrante: Escape sequence injection in util-linux wall

=================================================================
Summary
=================================================================

The util-linux wall command does not filter escape sequences from
command line arguments. The vulnerable code was introduced in
commit cdd3cc7fa4 (2013). Every version since has been
vulnerable.

This allows…

Read More

Win32.STOP.Ransomware (smokeloader) / Remote Code Execution (MITM)

Read Time:19 Second

Posted by malvuln on Mar 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/3b9e9e130d52fe95c8be82aa4b8feb74.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Win32.STOP.Ransomware (smokeloader)
Vulnerability: Remote Code Execution (MITM)
Family: Stop
Type: PE32
MD5 3b9e9e130d52fe95c8be82aa4b8feb74
Vuln ID: MVID-2024-0676
Disclosure: 03/22/2024
Description:
There are two roads to…

Read More

Circontrol EV Charger vulnerabilities (CVE-2020-8006, CVE-2020-8007)

Read Time:28 Second

Posted by Dariusz G on Mar 27

Circontrol EV Charger vulnerabilities.

1. CVE-2020-8006 Pre-Auth Stack Based Buffer Overflow
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (10)

The server in Circontrol Raption through 5.11.2 has a pre-authentication
stack-based buffer overflow that can be exploited to gain run-time control
of the device as root.

When the server parses the HTTP headers and finds the Basic-Authentication
tag it will call a base64 decode function. This function…

Read More

[IWCC 2024] CfP: 13th International Workshop on Cyber Crime – Vienna, Austria, July 30 – Aug 02, 2024

Read Time:22 Second

Posted by Artur Janicki via Fulldisclosure on Mar 27

[APOLOGIES FOR CROSS-POSTING]

CALL FOR PAPERS
13th International Workshop on Cyber Crime (IWCC 2024 –
https://www.ares-conference.eu/iwcc/)
to be held in conjunction with the 19th International Conference on
Availability, Reliability and Security (ARES 2024 –
http://www.ares-conference.eu)

July 30 – August 02, 2024, Vienna, Austria

IMPORTANT DATES
Submission Deadline May 12, 2024
Author Notification May 29, 2024
Proceedings Version…

Read More