151 matches found
Don’t panic! “Unpatchable” Mac vulnerability discovered
Researchers at MITs Computer Science & Artificial Intelligence Lab CSAIL found an attack surface in a hardware-level security mechanism utilized in Apple M1 chips. The flaw is unpatchable, but attackers would need to chain it with other vulnerabilities to make use of the attack method. The hardwa...
MIT Researchers Discover New Flaw in Apple M1 CPUs That Can't Be Patched
A novel hardware attack dubbed PACMAN has been demonstrated against Apple's M1 processor chipsets, potentially arming a malicious actor with the capability to gain arbitrary code execution on macOS systems. It leverages "speculative execution attacks to bypass an important memory protection...
CVE-2022-26765
A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication...
CVE-2022-26765
A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication...
Race condition
A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication...
CVE-2022-26765
A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication...
CVE-2022-26765
A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication...
Apple TV 竞争条件问题漏洞
Apple TV 4K and Apple TV HD are both products of Apple Inc.Apple TV 4K is a smart set-top box. The Apple TV 4K is a smart set-top box used to launch 4K Hdr images.Apple TV HD is a high-definition television set-top box product.... Apple TV 4K, Apple TV 4K 2nd Generation, and Apple TV HD are...
About the security content of watchOS 8.6
About the security content of watchOS 8.6 This document describes the security content of watchOS 8.6. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
PT-2022-18065 · Apple · Ipados +4
Name of the Vulnerable Software and Affected Versions: watchOS versions prior to 8.6 tvOS versions prior to 15.5 macOS Monterey versions prior to 12.4 iOS versions prior to 15.5 iPadOS versions prior to 15.5 Description: A race condition was addressed with improved state handling, which could all...
SUSE-RU-2022:0861-1 Security update for openssl-1_1
This update for openssl-11 fixes the following issues: openssl-11: - CVE-2022-0778: Infinite loop in BNmodsqrt reachable when parsing certificates bsc1196877. - Fix PAC pointer authentication in ARM bsc1195856 - Pull libopenssl-11 when updating openssl-11 with the same version bsc1195792 - FIPS:...
SUSE-SU-2022:0860-1 Security update for openssl-1_1
This update for openssl-11 fixes the following issues: Security issue fixed: - CVE-2022-0778: Infinite loop in BNmodsqrt reachable when parsing certificates bsc1196877. Non-security issues fixed: - Fix PAC pointer authentication in ARM. bsc1195856 - Pull libopenssl-11 when updating openssl-11 wit...
The vulnerability of the QEMU hardware emulation software lies in the lack of a necessary encryption step, which allows attackers to gain access to confidential data.
The vulnerability of the QEMU hardware emulation software is related to a implementation error in the handling of pointer authentication. Exploiting this vulnerability can allow an attacker to gain access to confidential data...
CVE-2021-30769
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication...
CVE-2021-30769
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication...
CVE-2021-30769
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication...
Authentication flaw
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication...
CVE-2021-30769
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication...
CVE-2021-30769
CVE-2021-30769 is a kernel‑level issue in Apple platforms where a malicious actor with arbitrary read/write could bypass Pointer Authentication. The vulnerability is fixed in iOS 14.7, iPadOS 14.7, watchOS 7.6, and tvOS 14.7. Connected documents confirm the root cause as a kernel logic issue and ...
macOS 11’s hidden security improvements
A deep dive into macOS 11s internals reveals some security surprises that deserve to be more widely known. Contents 1. Introduction 1. Disclaimers 2. macOS 11s better known security improvements 1. Secret messages revealed? 3. CPU security mitigation APIs 1. The NOSMT mitigation 2. The TECS...