![]() A local attacker may be able to elevate their privileges. This issue is fixed in macOS Monterey 12.7, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. The issue was addressed with improved checks. ![]() Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Processing web content may lead to arbitrary code execution. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.Ī use-after-free issue was addressed with improved memory management. Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 1.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2023-161. ![]() There are no known workarounds for this vulnerability. Version 2023.7 addresses this issue and all users are advised to upgrade. Combined with this security advisory, may result in full compromise and remote code execution (RCE). Attackers may send malicious links/QRs to victims that, when visited, will make the victim to call arbitrary services in their Home Assistant installation. The Home Assistant Companion for iOS and macOS app up to version 2023.4 are vulnerable to Client-Side Request Forgery. Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 1.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. ![]() Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |