FEDORA-2023-41bdb7dba8

Packages in this update:

polkit-122-3.fc38.1

Update description:

config file permission change to increase security of polkitd

Read More

This vulnerability allows network-adjacent attackers to disclose sensitive information on Microsoft Azure. Authentication is not required to exploit this vulnerability.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Read More

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must connect a malicious Bluetooth device.

Read More

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability.

Read More

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must open a remote desktop session to a host that has been compromised or otherwise under control of an attacker.

Read More

Posted by Apple Product Security via Fulldisclosure on Apr 10

APPLE-SA-2023-04-10-3 macOS Big Sur 11.7.6

macOS Big Sur 11.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213725.

IOSurfaceAccelerator
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel
privileges. Apple is aware of a report that this issue may have been
actively exploited.
Description: An out-of-bounds write issue was…

Read More

Posted by Apple Product Security via Fulldisclosure on Apr 10

APPLE-SA-2023-04-10-1 iOS 15.7.5 and iPadOS 15.7.5

iOS 15.7.5 and iPadOS 15.7.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213723.

IOSurfaceAccelerator
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod
touch (7th generation)
Impact: An app may be able to execute arbitrary code with…

Read More

Posted by Apple Product Security via Fulldisclosure on Apr 10

APPLE-SA-2023-04-10-2 macOS Monterey 12.6.5

macOS Monterey 12.6.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213724.

IOSurfaceAccelerator
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges. Apple is aware of a report that this issue may have been
actively exploited.
Description: An out-of-bounds write issue was…

Read More