‼ CVE-2022-3307 ‼
via "National Vulnerability Database".
Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)
‼ CVE-2022-42823 ‼
via "National Vulnerability Database".
A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.
‼ CVE-2022-3312 ‼
via "National Vulnerability Database".
Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a local attacker to bypass managed device restrictions via physical access to the device. (Chrome security severity: Medium)
‼ CVE-2022-42831 ‼
via "National Vulnerability Database".
A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.
‼ CVE-2022-42825 ‼
via "National Vulnerability Database".
This issue was addressed by removing additional entitlements. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system.
‼ CVE-2022-3317 ‼
via "National Vulnerability Database".
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.5249.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chrome security severity: Low)
‼ CVE-2022-42796 ‼
via "National Vulnerability Database".
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.7 and iPadOS 15.7, macOS Ventura 13. An app may be able to gain elevated privileges.
‼ CVE-2022-32947 ‼
via "National Vulnerability Database".
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.
‼ CVE-2022-3308 ‼
via "National Vulnerability Database".
Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: Medium)
‼ CVE-2022-32913 ‼
via "National Vulnerability Database".
The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. A sandboxed app may be able to determine which app is currently using the camera.
‼ CVE-2022-3316 ‼
via "National Vulnerability Database".
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chrome security severity: Low)
‼ CVE-2022-42801 ‼
via "National Vulnerability Database".
A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges.
‼ CVE-2022-42790 ‼
via "National Vulnerability Database".
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6. A user may be able to view restricted content from the lock screen.
‼ CVE-2022-42788 ‼
via "National Vulnerability Database".
A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Ventura 13. A malicious application may be able to read sensitive location information.
📢 Major security exploits expected to rise before New Year 📢
via "ITPro".
Supply chain attacks are also expected to increase, along with affiliate programmes becoming more popular
📢 UK's £6m cyber support package for Ukraine revealed for first time 📢
via "ITPro".
The government said the programme has been in place since February but remained tight-lipped to preserve its operational security
📢 Yanluowang ransomware leaks suggest pseudo Chinese persona, REvil links 📢
via "ITPro".
It's the second major ransomware organisation to have been rocked this year after internal chat logs were leaked by anonymous hackers
📢 OpenSSL 3.0 vulnerability: Patch released for security scare 📢
via "ITPro".
The severity has been downgraded from 'critical' to 'high' and comparisons to Heartbleed have been quashed
‼ CVE-2022-3659 ‼
via "National Vulnerability Database".
Use after free in Accessibility in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chrome security severity: Medium)
‼ CVE-2022-3814 ‼
via "National Vulnerability Database".
A vulnerability classified as problematic was found in Axiomatic Bento4. This vulnerability affects unknown code of the component mp4decrypt. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212680.
‼ CVE-2022-3816 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in Axiomatic Bento4. Affected is an unknown function of the component mp4decrypt. The manipulation leads to memory leak. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212682 is the identifier assigned to this vulnerability.