seclist.org

Posted by Apple Product Security via Fulldisclosure on Sep 24

APPLE-SA-2021-09-23-1 iOS 12.5.5

iOS 12.5.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212824.

CoreGraphics
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad
mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been...

Posted by Apple Product Security via Fulldisclosure on Sep 24

APPLE-SA-2021-09-23-2 Security Update 2021-006 Catalina

Security Update 2021-006 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212825.

XNU
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
Description: A type...

Posted by Advisories on Sep 24

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: openvpn-monitor
# Vendor: https://github.com/furlongm/openvpn-monitor
# CSNC ID: CSNC-2021-011
# CVE ID: CVE-2021-31604
# Subject: Cross-Site Request Forgery (CSRF)
# Severity: Medium
# Effect: Denial of Service
#...

Posted by Advisories on Sep 24

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: openvpn-monitor
# Vendor: https://github.com/furlongm/openvpn-monitor
# CSNC ID: CSNC-2021-010
# CVE ID: CVE-2021-31605
# Subject: OpenVPN Management Socket Command Injection
# Severity: High
# Effect: Denial of...

Posted by Advisories on Sep 24

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: openvpn-monitor
# Vendor: https://github.com/furlongm/openvpn-monitor
# CSNC ID: CSNC-2021-009
# CVE ID: CVE-2021-31606
# Subject: Authorization Bypass
# Severity: Medium
# Effect: Denial of Service
# Author:...

Posted by malvuln on Sep 21

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/3c407448a00b2d53b2418f53b66d5b6b.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Minilash.10.b
Vulnerability: Remote Denial of Service (UDP Datagram)
Description: The Minilash malware listens on TCP 6711 and UDP port 60000.
Third-party attackers who can reach infected systems can send a specially
crafted junk...

Posted by malvuln on Sep 21

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/a344b767d58b6c83b92bb868727e021c.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hupigon.asqx
Vulnerability: Unauthenticated Open Proxy
Description: The malware listens on TCP port 8080. Third-party attackers
who can connect to the infected system can relay requests from the original
connection to the...

Posted by malvuln on Sep 21

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/095651e1704b501123b41ea2e9736820.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Agent.xaamkd
Vulnerability: Insecure Permissions
Description: The malware creates an dir with insecure permissions under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can rename the...

Posted by product-security-noreply--- via Fulldisclosure on Sep 21

APPLE-SA-2021-09-20-10 iTunes 12.12 for Windows

iTunes 12.12 for Windows addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212817.

ImageIO
Available for: Windows 10 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30835: Ye Zhang of Baidu Security
CVE-2021-30847:...

Posted by product-security-noreply--- via Fulldisclosure on Sep 21

APPLE-SA-2021-09-20-9 iTunes U 3.8.3

iTunes U 3.8.3 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT212809.

iTunes U
Available for: iOS 12.4 and later or iPadOS 12.4 and later
Impact: Processing a maliciously crafted URL may lead to arbitrary
javascript code execution
Description: A validation issue was addressed with improved input
sanitization.
CVE-2021-30862: Giyas...

Posted by product-security-noreply--- via Fulldisclosure on Sep 21

APPLE-SA-2021-09-20-8 Additional information for
APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina

Security Update 2021-005 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212805.

CoreGraphics
Available for: macOS Catalina
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have...

Posted by product-security-noreply--- via Fulldisclosure on Sep 21

APPLE-SA-2021-09-20-7 Additional information for
APPLE-SA-2021-09-13-3 macOS Big Sur 11.6

macOS Big Sur 11.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212804.

CoreGraphics
Available for: macOS Big Sur
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been actively exploited....

Posted by product-security-noreply--- via Fulldisclosure on Sep 21

APPLE-SA-2021-09-20-6 Additional information for
APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8

iOS 14.8 and iPadOS 14.8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212807.

Bluetooth
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote...

Posted by product-security-noreply--- via Fulldisclosure on Sep 21

APPLE-SA-2021-09-20-5 Safari 15

Safari 15 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT212816.

WebKit
Available for: macOS Big Sur and macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30846: Sergei Glazunov of Google Project...

Posted by product-security-noreply--- via Fulldisclosure on Sep 21

APPLE-SA-2021-09-20-4 Xcode 13

Xcode 13 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT212818.

IDE Xcode Server
Available for: macOS Big Sur 11.3 and later
Impact: Multiple issues in nginx
Description: Multiple issues were addressed by updating nginx to
version 1.21.0.
CVE-2016-0742
CVE-2016-0746
CVE-2016-0747
CVE-2017-7529
CVE-2018-16843
CVE-2018-16844
CVE-2018-16845...

Posted by product-security-noreply--- via Fulldisclosure on Sep 21

APPLE-SA-2021-09-20-3 tvOS 15

tvOS 15 addresses the following issues. Information about the security
content is also available at https://support.apple.com/HT212815.

Accessory Manager
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2021-30837: an anonymous researcher

FontParser...

Posted by product-security-noreply--- via Fulldisclosure on Sep 21

APPLE-SA-2021-09-20-2 watchOS 8

watchOS 8 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT212819.

Accessory Manager
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2021-30837: an anonymous researcher...

Posted by product-security-noreply--- via Fulldisclosure on Sep 21

APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15

iOS 15 and iPadOS 15 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT212814.

Accessory Manager
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with...

Posted by BSidesSF CFP via Fulldisclosure on Sep 21

BSidesSF is soliciting presentations and workshops for the 2022 annual
BSidesSF conference (in-person!).

CFP: https://bsidessf.org/cfp
CFW: https://bsidessf.org/cfw

** Topics **

All topic areas related to reliability, application security, web security,
network security, privacy, cryptography, and information security are of
interest and in scope.

Let us help you get the word out on The Next Big Thing!

** Theme **

From the Ground Up!, to...

Posted by hyp3rlinx on Sep 21

https://www.youtube.com/watch?v=wYYgjV-PzD8