8351 matches found
CVE-2023-23518
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution...
CVE-2022-42826
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution...
CVE-2023-23517
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution...
Apple Issues Updates for Older Devices to Fix Actively Exploited Vulnerability
Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation. The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when...
Own an older iPhone? Check you're on the latest version to avoid this bug
In December, 2022, we warned our readers about an actively exploited vulnerability in Apples WebKit. Back then we wondered why Apple specifically stated that the issue may have been actively exploited against versions of iOS released before iOS 15.1. At the time, our resident Apple expert Thomas...
Apple Releases Security Updates for Multiple Products
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security updates page for the following products and app...
macOS 11.x < 11.7.3 Multiple Vulnerabilities (HT213603)
The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.7.3. It is, therefore, affected by multiple vulnerabilities: - This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur...
macOS 12.x < 12.6.3 Multiple Vulnerabilities (HT213604)
The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.6.3. It is, therefore, affected by multiple vulnerabilities: - This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur...
About the security content of iOS 16.3 and iPadOS 16.3
About the security content of iOS 16.3 and iPadOS 16.3 This document describes the security content of iOS 16.3 and iPadOS 16.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...
About the security content of iOS 15.7.3 and iPadOS 15.7.3
About the security content of iOS 15.7.3 and iPadOS 15.7.3 This document describes the security content of iOS 15.7.3 and iPadOS 15.7.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...
PT-2023-19004 · Apple · Macos Ventura +5
Name of the Vulnerable Software and Affected Versions: watchOS versions prior to 9.3 tvOS versions prior to 16.3 macOS Ventura versions prior to 13.2 iOS versions prior to 16.3 iPadOS versions prior to 16.3 Description: The issue was addressed with improved handling of caches. Visiting a website...
RHEL 9 : webkit2gtk3 (RHSA-2023:0021)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0021 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: processing maliciously crafted web...
Oracle Linux 8 : webkit2gtk3 (ELSA-2023-0016)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-0016 advisory. 2.36.7-1.1 - Add patch for CVE-2022-42856 Resolves: 2153735 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Oracle Linux 9 : webkit2gtk3 (ELSA-2023-0021)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-0021 advisory. 2.36.7-1.1 - Add patch for CVE-2022-42856 Resolves: 2153738 Tenable has extracted the preceding description block directly from the Oracle Linux security...
CVE-2022-42852
The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory...
CVE-2022-46699
A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution...
CVE-2022-42856
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this iss...
CVE-2022-42867
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution...
CVE-2022-46698
A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information...
CVE-2022-46700
A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution...