Posted by Apple Product Security via Fulldisclosure on Jan 26
APPLE-SA-01-22-2024-7 macOS Monterey 12.7.3
macOS Monterey 12.7.3 addresses the following issues.
Information about the security content is also available at https://support.apple.com/kb/HT214057.
Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
Accessibility
Available for: macOS Monterey
Impact: An app may be able to access sensitive user data…
Posted by Apple Product Security via Fulldisclosure on Jan 26
APPLE-SA-01-22-2024-6 macOS Ventura 13.6.4
macOS Ventura 13.6.4 addresses the following issues.
Information about the security content is also available at https://support.apple.com/kb/HT214058.
Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
Apple Neural Engine
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with…
Posted by Apple Product Security via Fulldisclosure on Jan 26
APPLE-SA-01-22-2024-4 iOS 15.8.1 and iPadOS 15.8.1
iOS 15.8.1 and iPadOS 15.8.1 addresses the following issues.
Information about the security content is also available at https://support.apple.com/kb/HT214062.
Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE
(1st generation),…
Posted by Apple Product Security via Fulldisclosure on Jan 26
APPLE-SA-01-22-2024-3 iOS 16.7.5 and iPadOS 16.7.5
iOS 16.7.5 and iPadOS 16.7.5 addresses the following issues.
Information about the security content is also available at https://support.apple.com/kb/HT214063.
Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
Posted by Apple Product Security via Fulldisclosure on Jan 26
APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3
iOS 17.3 and iPadOS 17.3 addresses the following issues.
Information about the security content is also available at https://support.apple.com/kb/HT214059.
Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone XS and later,
iPad Pro…
Posted by Valentin Lobstein via Fulldisclosure on Jan 26
CVE ID: CVE-2024-22903
Title: Command Injection Vulnerability in SystemHandler.class.php of Vinchin Backup & Recovery Versions 7.2 and Earlier
Description:
A significant security vulnerability, CVE-2024-22903, has been identified in the `deleteUpdateAPK` function within the
`SystemHandler.class.php` file of Vinchin Backup & Recovery software, affecting versions 7.2 and earlier. This
function, designed to delete APK files, is prone to…
Suggested Description:
Vinchin Backup & Recovery version 7.2 has been identified as being configured with default root credentials, posing a
significant security vulnerability.
Additional Information:
There is no documentation or guidance from Vinchin on changing the root password for this version. The use of password
authentication…
Posted by Valentin Lobstein via Fulldisclosure on Jan 26
CVE ID: CVE-2024-22899
Title: Command Injection Vulnerability in Vinchin Backup and Recovery’s syncNtpTime Function in Versions 7.2 and Earlier
Description:
A critical security vulnerability, identified as CVE-2024-22899, has been discovered in the `syncNtpTime` function of
Vinchin Backup and Recovery software. This issue affects versions 7.2 and earlier. The function, part of the
`SystemHandler.class.php` file, is designed for…
