720 matches found
PT-2024-29033 · Apple · iPadOS +7
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.6.8; macOS Monterey versions prior to 12.7.6; iOS versions prior to 17.6; iPadOS versions prior to 17.6; watchOS versions prior to 10.6; tvOS versions prior to 17.6; macOS Sonoma versions prior to 14.6. Description: A...
macOS 12.x < 12.7.6 Multiple Vulnerabilities (HT214118)
The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.7.6. It is, therefore, affected by multiple vulnerabilities: - A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt API. This flaw allows a...
PT-2024-29071 · Apple · Apple macOS
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14.6. Description: A downgrade issue was addressed with additional code-signing restrictions. This issue may allow an app to bypass Privacy preferences. Recommendations: For versions prior to 14.6, update to macOS Sonom...
PT-2024-29034 · Apple · macOS Sonoma +3
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14.6; macOS Monterey versions prior to 12.7.6; macOS Ventura versions prior to 13.6.8. Description: A downgrade issue was addressed with additional code-signing restrictions. This issue may allow an app to leak sensitive...
macOS 13.x < 13.6.8 Multiple Vulnerabilities (HT214120)
The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.6.8. It is, therefore, affected by multiple vulnerabilities: - A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt API. This flaw allows a...
CVE-2024-39698 Code Signing Bypass on Windows in electron-updater < 6.3.0-alpha.6
electron-updater allows for automatic updates for Electron apps. The file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by cmd.exe expands any...
electron-updater Code Signing Bypass on Windows
Observations: The file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts implements the signature validation routine for Electron applications on Windows. It executes the following command in a new shell (process.env.ComSpec on Windows, usually C:\Windows\System32\cmd.exe):...
electron-builder security vulnerability
electron-builder is a tool for packaging and building ready-to-distribute Electron, Proton Native applications for macOS, Windows, and Linux with out-of-the-box "auto-update" support. A security vulnerability exists in electron-builder prior to version 6.3.0-alpha.6, which can be exploited to...
Apple Launches Private Cloud Compute for Privacy-Centric AI Processing
Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture eve...
CVE-2024-27837
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. A local attacker may gain access to Keychain items...
CVE-2024-27825
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to bypass certain Privacy preferences...
CVE-2024-27825
CVE-2024-27825 concerns a downgrade issue in Intel-based macOS, where an app may bypass certain Privacy preferences. It was mitigated by added code-signing restrictions and is fixed in macOS Sonoma 14.5. The vulnerability’s impact is privacy-related, enabling potential bypass of privacy controls ...
PT-2024-22071 · Apple · Apple macOS
Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.5. Description: A downgrade issue was addressed with additional code-signing restrictions, which could allow a local attacker to gain access to Keychain items. Recommendations: For macOS Sonoma versions prior ...
PT-2024-22062 · Apple · Apple macOS
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14.5. Description: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue allows an app to bypass certain Privacy preferences. Recommendations: For...