360 matches found
CVE-2021-30778
This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to bypass Privacy preferences...
CVE-2021-30757
This issue was addressed by enabling hardened runtime. This issue is fixed in iMovie 10.2.4. Entitlements and privacy permissions granted to this app may be used by a malicious app...
Design/Logic Flaw
This issue was addressed by enabling hardened runtime. This issue is fixed in iMovie 10.2.4. Entitlements and privacy permissions granted to this app may be used by a malicious app...
CVE-2021-30778
This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to bypass Privacy preferences...
Design/Logic Flaw
This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to bypass Privacy preferences...
CVE-2021-30778
This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to bypass Privacy preferences...
CVE-2021-30778
CVE-2021-30778 is a macOS Big Sur local entitlement bypass vulnerability fixed in macOS Big Sur 11.5. The issue allowed a malicious application to bypass Privacy preferences due to an entitlement/permissions flaw in the system’s entitlements handling. Affected component(s) are tied to macOS Big S...
CVE-2021-30757
This issue was addressed by enabling hardened runtime. This issue is fixed in iMovie 10.2.4. Entitlements and privacy permissions granted to this app may be used by a malicious app...
CVE-2021-30757
CVE-2021-30757 affects Apple iMovie; the issue concerns entitlements and privacy permissions granted to iMovie that could be used by a malicious app. Apple addressed the vulnerability by enabling hardened runtime, and the fix is available in iMovie 10.2.4. Affected component: iMovie’s entitlement...
Cloud Security Glossary: Key Terms and Definitions
When navigating the complexities of the public cloud, it’s easy to get lost in the endless acronyms, industry jargon, and vendor-specific terms. From K8s to IaC to Shift Left, it can be helpful to have a map to navigate the nuances of this emerging segment of the market. That’s why a few cloud...
macOS 11.x < 11.5 Multiple Vulnerabilities (HT212602)
The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.5. It is, therefore, affected by multiple vulnerabilities: - A logic issue was addressed with improved state management. This issue is fixed in watchOS 7.6, macOS Big Sur 11.5. Visiting a maliciously crafted webpage...
About the security content of iOS 14.7 and iPadOS 14.7
About the security content of iOS 14.7 and iPadOS 14.7 This document describes the security content of iOS 14.7 and iPadOS 14.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...
Shell command injection in Apache Syncope
In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution...
GHSA-P2RP-CMJQ-R7WM Shell command injection in Apache Syncope
In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Windows Developer Tools. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Remote code execution User privileges. Increased user privileges .NET Core & Visual Studio:...
CVE-2020-29620
This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges...
Design/Logic Flaw
This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges...
CVE-2020-29620
This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges...
CVE-2020-29620
CVE-2020-29620 affects macOS and relates to privilege escalation via entitlements. The issue is described as being addressed with improved entitlements and fixed in macOS Big Sur 11.1, Catalina Security Update 2020-001, and Mojave Security Update 2020-007. The Apple advisory HT212011 corroborates...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed several vulnerabilities in several developer tools. A malicious party could potentially exploit them to execute arbitrary code with user privileges. Visual Studio: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...