Category Archives: Advisories

ZDI-24-1283: Apple macOS ImageIO JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Read Time:16 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-44176.

Read More

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Read Time:28 Second

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

USN-7033-1: Intel Microcode vulnerabilities

Read Time:22 Second

It was discovered that some Intel(R) Processors did not properly restrict
access to the Running Average Power Limit (RAPL) interface. This may allow
a local privileged attacker to obtain sensitive information.
(CVE-2024-23984)

It was discovered that some Intel(R) Processors did not properly implement
finite state machines (FSMs) in hardware logic. This may allow a local
privileged attacker to cause a denial of service (system crash).
(CVE-2024-24968)

Read More