macOS 12.x < 12.7.6 Multiple Vulnerabilities (HT214118)
The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.7.6. It is, therefore, affected by multiple vulnerabilities: - A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt API. This flaw allows a...
macOS 13.x < 13.6.8 Multiple Vulnerabilities (HT214120)
The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.6.8. It is, therefore, affected by multiple vulnerabilities: - A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt API. This flaw allows a...
PT-2024-29034 · Apple · Macos Sonoma +3
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14.6; macOS Monterey versions prior to 12.7.6; macOS Ventura versions prior to 13.6.8. Description: A downgrade issue was addressed with additional code-signing restrictions. This issue may allow an app to leak sensitive...
CVE-2024-39698 Code Signing Bypass on Windows in electron-updater < 6.3.0-alpha.6
electron-updater allows for automatic updates for Electron apps. The file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by cmd.exe expands any...
electron-updater Code Signing Bypass on Windows
Observations: The file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts implements the signature validation routine for Electron applications on Windows. It executes the following command in a new shell (process.env.ComSpec on Windows, usually C:\Windows\System32\cmd.exe):...
electron-builder security vulnerability
electron-builder is a tool for packaging and building ready-to-distribute Electron, Proton Native applications for macOS, Windows, and Linux with out-of-the-box "auto-update" support. A security vulnerability exists in electron-builder prior to version 6.3.0-alpha.6, which can be exploited to...
Apple Launches Private Cloud Compute for Privacy-Centric AI Processing
Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture eve...
CVE-2024-27837
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. A local attacker may gain access to Keychain items...
CVE-2024-27825
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to bypass certain Privacy preferences...
CVE-2024-27825
CVE-2024-27825 concerns a downgrade issue in Intel-based macOS, where an app may bypass certain Privacy preferences. It was mitigated by added code-signing restrictions and is fixed in macOS Sonoma 14.5. The vulnerability’s impact is privacy-related, enabling potential bypass of privacy controls ...
PT-2024-22071 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.5. Description: A downgrade issue was addressed with additional code-signing restrictions, which could allow a local attacker to gain access to Keychain items. Recommendations: For macOS Sonoma versions prior ...
PT-2024-22062 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14.5. Description: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue allows an app to bypass certain Privacy preferences. Recommendations: For...
CVE-2024-23480
A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This issue affects Zscaler Client Connector on MacOS prior to 4.2...