Nosebeard Labs has identified a critical vulnerability in the Apple system-wide web content filter that allows a full bypass of content restrictions. This vulnerability, which occurs specifically when Screen Time content filtering settings are enabled, permits users or attackers to access restricted websites in Safari without detection. The timeline in this advisory is probably the most interesting thing to note. It shows a Fortune 10 ignoring a concern for years until a news article gets written, and that is truly disappointing. Do better, Tim.
Apple Security Advisory 11-19-2024-5 - macOS Sequoia 15.1.1 addresses code execution vulnerabilities.
Apple Security Advisory 11-19-2024-4 - iOS 17.7.2 and iPadOS 17.7.2 address code execution vulnerabilities.
Apple Security Advisory 11-19-2024-3 - iOS 18.1.1 and iPadOS 18.1.1 address code execution vulnerabilities.
Apple Security Advisory 11-19-2024-2 - visionOS 2.1.1 addresses code execution vulnerabilities.
Apple Security Advisory 11-19-2024-1 - Safari 18.1.1 addresses code execution vulnerabilities.
Apple Security Advisory 10-29-2024-1 - Safari 18.1 addresses an information leakage vulnerability.
Apple Security Advisory 10-28-2024-8 - visionOS 2.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-7 - tvOS 18.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-6 - watchOS 11.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-5 - macOS Ventura 13.7.1 addresses bypass, information leakage, out of bounds access, out of bounds read, and out of bounds write vulnerabilities.
Apple Security Advisory 10-28-2024-4 - macOS Sonoma 14.7.1 addresses buffer overflow, bypass, information leakage, out of bounds access, out of bounds read, and out of bounds write vulnerabilities.
Apple Security Advisory 10-28-2024-3 - macOS Sequoia 15.1 addresses bypass, information leakage, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-2 - iOS 17.7.1 and iPadOS 17.7.1 address buffer overflow, information leakage, and out of bounds read vulnerabilities.
Apple Security Advisory 10-28-2024-1 - iOS 18.1 and iPadOS 18.1 address information leakage, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 10-03-2024-1 - iOS 18.0.1 and iPadOS 18.0.1 address an audio capturing issue and a logic issue related to passwords being read aloud.
This is a thorough write-up of how to exploit a local privilege escalation vulnerability in iTunes for Windows version 12.13.2.3. Apple fixed this in version 12.13.3.
A mitigation bypass / privilege escalation flaw has been discovered in Apple's iOS Screen Time functionality, granting one access to modify the restrictions. It allows a local attacker to acquire the Screen Time Passcode by bypassing the anti-bruteforce protections on the four-digit Passcode, and in consequence gaining total control over Screen Time (Parental Control) settings. Versions lower than 18 are affected.
Apple Security Advisory 09-16-2024-10 - macOS Ventura 13.7 addresses buffer overflow, bypass, out of bounds access, out of bounds read, and spoofing vulnerabilities.
Apple Security Advisory 09-16-2024-9 - macOS Sonoma 14.7 addresses buffer overflow, bypass, out of bounds access, out of bounds read, out of bounds write, and spoofing vulnerabilities.
Apple Security Advisory 09-16-2024-8 - iOS 17.7 and iPadOS 17.7 address bypass, out of bounds access, and out of bounds read vulnerabilities.
Apple Security Advisory 09-16-2024-7 - Xcode 16 addresses unauthorized access issues.
Apple Security Advisory 09-16-2024-6 - Safari 18 addresses cross-site scripting and spoofing vulnerabilities.
Apple Security Advisory 09-16-2024-5 - visionOS 2 addresses cross-site scripting, integer overflow, out of bounds access, and out of bounds read vulnerabilities.
Apple Security Advisory 09-16-2024-4 - watchOS 11 addresses cross-site scripting, integer overflow, out of bounds access, and out of bounds read vulnerabilities.