713 matches found
CVE-2025-43521
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An app may be able to access sensitive user data...
CVE-2025-43521
CVE-2025-43521 describes a downgrade issue affecting Intel-based Macs that was mitigated by adding code-signing restrictions. The issue could allow an app to access sensitive user data, and the vulnerability is fixed in macOS Tahoe 26.2 and macOS Sequoia 15.7.3. Public references in the connected...
PT-2025-51016
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.7.3. Description: A flaw exists in macOS on Intel-based Mac computers related to code-signing restrictions. This could allow an application to access user-sensitive data. Recommendations: Update to macOS version 15.7.3 ...
About the security content of macOS Tahoe 26.2
This document describes the security content of macOS Tahoe 26.2. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
PT-2025-51015
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.7.3. Description: A flaw exists in macOS on Intel-based Mac computers that could allow an application to access sensitive user data. The issue was addressed through enhanced code-signing restrictions. Recommendations...
About the security content of macOS Sequoia 15.7.3
This document describes the security content of macOS Sequoia 15.7.3. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
CVE-2025-66506
A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters...
EUVD-2025-201293
Fulcio allocates excessive memory during token parsing...
CVE-2025-66506
Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.extractIssuerURL splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious...
EUVD-2025-200299
A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges...
CVE-2025-13658
A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges...
CVE-2025-13658 Industrial Video & Control Longwatch has a Code Injection vulnerability
A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges...
TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign
Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part of a global malvertising campaign dubbed TamperedChef. The end goal of the attacks is to establish persistence and deliver JavaScript malware that facilitates remote acces...
Apple macOS Sequoia Code Signature Limit Insufficiency Vulnerability
Apple macOS Sequoia is an operating system announced by Apple on June 10, 2024 at the WWDC24 developer conference. Apple macOS Sequoia suffers from an insufficient code signature restriction vulnerability that can be exploited by an attacker to access sensitive user data...
CVE-2025-43468
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access sensitive user data...
CVE-2025-43390
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1. An app may be able to access user-sensitive data...
CVE-2025-43468
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to access sensitive user data...