3591 matches found
Sync iCloud COS < 2.0.1 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the 本地文件夹 or URL前缀 settings of the plugin: " style=animation-name:rotation...
AlmaLinux 8 : GNOME (ALSA-2021:4381)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4381 advisory. - A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lea...
Apple Pays $100.5K Bug Bounty for Mac Webcam Hack
A researcher who showed Apple how its webcams can be hijacked via a universal cross-site scripting (UXSS) Safari bug has been awarded what is reportedly a record $100,500 bug bounty. The bug could be used by an adversary as part of an attack to gain full access to every website ever visited by...
Apple Pays $100,500 Bounty to Hacker Who Found Way to Hack MacBook Webcam
Apple last year fixed a new set of macOS vulnerabilities that exposed Safari browser to attack, potentially allowing malicious actors to access users' online accounts, microphone, and webcam. Security researcher Ryan Pickren, who discovered and reported the bugs to the iPhone maker, was compensat...
Apple Releases iOS and macOS Updates to Patch Actively Exploited 0-Day Vulnerability
Apple on Wednesday released iOS 15.3 and macOS Monterey 12.2 with a fix for the privacy-defeating bug in Safari, as well as to contain a zero-day flaw, which it said has been exploited in the wild to break into its devices. Tracked as CVE-2022-22587, the vulnerability relates to a memory corrupti...
About the security content of watchOS 8.4
About the security content of watchOS 8.4 This document describes the security content of watchOS 8.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
About the security content of iOS 15.3 and iPadOS 15.3
About the security content of iOS 15.3 and iPadOS 15.3 This document describes the security content of iOS 15.3 and iPadOS 15.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...
About the security content of tvOS 15.3
About the security content of tvOS 15.3 This document describes the security content of tvOS 15.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
Backlink Vulnerability in Multiple Apple Products
Apple tvOS and others are products of Apple Inc. tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. Apple macOS Monterey is the 18th major version of macOS, the operating system for the Macintosh desktop. A backlink vulnerability exists in several Apple...
SUSE SLES15: libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc (SUSE-SU-2022:0183-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0183-1 advisory. - Update to version 2.34.3 (bsc#1194019). - CVE-2021-30887: Fixed logic issue allowing unexpectedly unenforced Content Security Policy...
SUSE SLED15: libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc (SUSE-SU-2022:0182-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0182-1 advisory. - Update to version 2.34.3 (bsc#1194019). - CVE-2021-30887: Fixed logic issue allowing unexpectedly unenforced...
About the security content of macOS Big Sur 11.6.3
About the security content of macOS Big Sur 11.6.3 This document describes the security content of macOS Big Sur 11.6.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
SUSE SLES12: libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc (SUSE-SU-2022:0142-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0142-1 advisory. - Update to version 2.34.3 (bsc#1194019). - CVE-2021-30887: Fixed logic issue allowing unexpectedly unenforced Content Security Policy...
How Apple's iCloud Private Relay Can Keep You Safe
The newest security measure is still in beta. But if you want to make use of it, here's what you need to know...
Apple Releases iPhone and iPad Updates to Patch HomeKit DoS Vulnerability
Apple on Wednesday rolled out software updates for iOS and iPadOS to remediate a persistent denial-of-service (DoS) issue affecting the HomeKit smart home framework that could be potentially exploited to launch ransomware-like attacks targeting the devices. The iPhone maker, in its release notes fo...
Apple’s Private Relay Roils Telecoms Around the World
Security experts say there's little reason for the criticism from Europe’s mobile operators and US limitations over the VPN-like iCloud tool...
Researchers Detail New HomeKit 'doorLock' Bug Affecting Apple iOS
A persistent denial-of-service (DoS) vulnerability has been discovered in Apple's iOS mobile operating system that's capable of sending affected devices into a crash or reboot loop upon connecting to an Apple Home-compatible appliance. The behavior, dubbed "doorLock," is trivial in that it can be...
Apple macOS High Sierra Information Disclosure Vulnerability (CNVD-2022-15494)
A security vulnerability exists in Apple macOS High Sierra, a specialized operating system developed by Apple for Mac computers. An attacker could use the vulnerability to potentially gain access to iCloud authentication tokens...
CVE-2017-2375
An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addressed through improved logic. This issue is fixed in iOS 10.2.1. Updates for CallKit call history are sent to iCloud...
CVE-2018-4302
A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution...