25 matches found
CVE-2022-28206
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights...
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
By Ian Beer. [Figure: A graph representation of the sandbox escape NSExpression payload.] In April this year Google's Threat Analysis Group, in collaboration with Amnesty International, discovered an in-the-wild iPhone zero-day exploit chain being used in targeted attacks delivered via malicious link. The...
Apple iOS < 15.7.5 Multiple Vulnerabilities (HT213723)
Binary data appleios1575check.nbin...
Microsoft (& Apple) Patch Tuesday, April 2023 Edition
Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. Not to be outdone, Apple has released a set of important updates addressing two zero-day...
CVE-2023-28206
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1, iOS 15.7.5 and iPadOS 15.7.5, macOS Big Sur 11.7.6. An app may be able to execute arbitrary code with kernel privileges. App...
CVE-2023-28206
creationtimestamp | type | source
---|---|---
2023-04-10 09:02:28+00:00 | exploited | https://t.me/itsecnews/2430
2023-04-10 12:29:34+00:00 | exploited | https://t.me/truesecator/4268
2023-04-10 22:22:57+00:00 | exploited | https://t.me/cibsecurity/61783
2023-04-11 07:53:32+00:00 | seen | ...
About the security content of macOS Monterey 12.6.5
About the security content of macOS Monterey 12.6.5 This document describes the security content of macOS Monterey 12.6.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
About the security content of iOS 15.7.5 and iPadOS 15.7.5
About the security content of iOS 15.7.5 and iPadOS 15.7.5 This document describes the security content of iOS 15.7.5 and iPadOS 15.7.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...
CVE-2023-28206
CVE-2023-28206 is an IOSurfaceAccelerator out-of-bounds write vulnerability in Apple’s iOS/macOS stack. The connected analysis documents an in-the-wild exploit chain targeting Safari IPC to escalate to GPU-process code execution, including a sequence of heap grooming and IPC misuse that yields ar...
macOS 11.x < 11.7.6 (HT213725)
The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.7.6. It is, therefore, affected by a vulnerability: - An out-of-bounds write issue was addressed with improved input validation. CVE-2023-28206 Note that Nessus has not tested for this issue but has instead relied...
About the security content of macOS Big Sur 11.7.6
About the security content of macOS Big Sur 11.7.6 This document describes the security content of macOS Big Sur 11.7.6. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
macOS 12.x < 12.6.5 (HT213724)
The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.6.5. It is, therefore, affected by a vulnerability: - An out-of-bounds write issue was addressed with improved input validation. CVE-2023-28206 Note that Nessus has not tested for this issue but has instead relied...
VulnCheck KEV: CVE-2023-28206
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges...
macOS 13.x < 13.3.1 Multiple Vulnerabilities (HT213721)
The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.3.1. It is, therefore, affected by multiple vulnerabilities: - An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited...
About the security content of macOS Ventura 13.3.1
About the security content of macOS Ventura 13.3.1 This document describes the security content of macOS Ventura 13.3.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
MediaWiki <= 1.39.4 Multiple Vulnerabilities - Linux
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
MediaWiki <= 1.39.4 Multiple Vulnerabilities - Windows
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...