CVE-2022-46692

CVE-2022-46692 is a logic issue in WebKitGTK/WebKit causing a bypass of the Same Origin Policy when processing malicious web content. The Apple ecosystem fixes (Safari 16.2, iOS 16.2/iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2, etc.) are documented in the initial CVE description. Connected advis...

CVE-2022-46693

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing a maliciously crafted file may lead to arbitrary code execution...

CVE-2022-46698

A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information...

About the security content of iCloud for Windows 14.1

About the security content of iCloud for Windows 14.1 This document describes the security content of iCloud for Windows 14.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

PT-2022-7242 · Apple · Ipados +4

Name of the Vulnerable Software and Affected Versions: iCloud Photo Library versions prior to iOS 16.2 iCloud Photo Library versions prior to iPadOS 16.2 iCloud Photo Library versions prior to macOS Ventura 13.1 Description: The issue is related to a logic problem that has been addressed with...

PT-2022-27955 · Apple · Icloud For Windows +6

Name of the Vulnerable Software and Affected Versions: Apple tvOS versions prior to 16.2 Apple iCloud for Windows versions prior to 14.1 Apple macOS Ventura versions prior to 13.1 Apple iOS versions prior to 16.2 Apple iPadOS versions prior to 16.2 Apple watchOS versions prior to 9.2 Description:...

KLA20116 Multiple vulnerabilities in Apple iCloud

Multiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Security vulnerability in WebKit can be exploited to bypass...

Apple Releases Security Updates for Multiple Products

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security updates page for the following products and app...

VulnCheck KEV: CVE-2022-46692

A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy...

PT-2022-7574 · Apple +7 · Icloud For Windows +14

Name of the Vulnerable Software and Affected Versions: Safari versions prior to 16.2 tvOS versions prior to 16.2 iCloud for Windows versions prior to 14.1 iOS versions prior to 15.7.2 and 16.2 iPadOS versions prior to 15.7.2 and 16.2 macOS Ventura versions prior to 13.1 watchOS versions prior to...

PT-2022-7573 · Apple +7 · Icloud For Windows +14

Name of the Vulnerable Software and Affected Versions: Safari versions prior to 16.2 tvOS versions prior to 16.2 iCloud for Windows versions prior to 14.1 macOS Ventura versions prior to 13.1 iOS versions prior to 16.2 iPadOS versions prior to 16.2 watchOS versions prior to 9.2 Description: The...

About the security content of macOS Ventura 13.1

About the security content of macOS Ventura 13.1 This document describes the security content of macOS Ventura 13.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases...

macOS 13.x < 13.1 Multiple Vulnerabilities (HT213532)

The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.1. It is, therefore, affected by multiple vulnerabilities: - Nokogiri is an open source XML and HTML library for Ruby. Nokogiri = 1.13.4. There are no known workarounds for this issue. CVE-2022-24836 - Nokogiri is a...

Google Adds Passkey Support to Chrome for Windows, macOS and Android

Google has officially begun rolling out support for passkeys, the next-generation passwordless login standard, to its stable version of Chrome web browser. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant's Ali Sarraf said...

Apple Is Finally Encrypting iCloud Backups

After way too many years, Apple is finally encrypting iCloud backups: Based on a screenshot from Apple, these categories are covered when you flip on Advanced Data Protection: device backups, messages backups, iCloud Drive, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos,...

Apple announces 3 new security features

Apple has announced three new security features focused on protecting user data in the cloud: iMessage Contact Key Verification, Security Keys for Apple ID, and Advanced Data Protection for iCloud. iMessage Contact Key Verification and Security Keys for Apple ID will be available globally in 2023...

Apple Boosts Security With New iMessage, Apple ID, and iCloud Protections

Apple on Wednesday announced a raft of security measures, including an Advanced Data Protection setting that enables end-to-end encrypted E2EE data backups in its iCloud service. The headlining feature, when turned on, is expected to secure 23 data categories using E2EE, including device and...

Apple Expands End-to-End Encryption to iCloud Backups

The company will also soon support the use of physical authentication keys with Apple ID, and is adding contact verification for iMessage in 2023...

Apple’s Device Analytics Can Identify iCloud Users

Researchers claim that supposedly anonymous device analytics information can identify users: On Twitter, security researchers Tommy Mysk and Talal Haj Bakry have found that Apples device analytics data includes an iCloud account and can be linked directly to a specific user, including their name,...

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon, a popular "malware-as-a-service" offering that helped paying customers steal passwords and financial data from millions of cybercrime victims...