Posted by Apple Product Security via Fulldisclosure on Nov 21
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
iOS 18.1.1 and iPadOS 18.1.1 addresses the following issues.
Information about the security content is also available at https://support.apple.com/121752.
Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent
software updates with security advisories.
JavaScriptCore
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation…
Nosebeard Labs is pleased to share its latest advisory, detailing a
bypass of Apple’s system wide web content filter. The HTML version of
this advisory is also available at: https://nosebeard.co/advisories/nbl-001.html
Warmest regards,
Nosebeard Labs
## Summary
Nosebeard Labs Security Advisory NBL-001
Title: Apple web content filter bypass allows unrestricted access to
blocked content…
It was discovered that ZBar did not properly handle certain QR codes. If a
user or automated system using ZBar were tricked into opening a specially
crafted file, an attacker could possibly use this to obtain sensitive
information. (CVE-2023-40889)
It was discovered that ZBar did not properly handle certain QR codes. If a
user or automated system using ZBar were tricked into opening a specially
crafted file, an attacker could possibly use this to obtain sensitive
information. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04
LTS. (CVE-2023-40890)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11581.
