Full Disclosure

Syndicate content
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Updated: 1 year 25 weeks ago

APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8

21 September, 2021 - 11:04

Posted by product-security-noreply--- via Fulldisclosure on Sep 21

APPLE-SA-2021-09-20-6 Additional information for
APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8

iOS 14.8 and iPadOS 14.8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212807.

Bluetooth
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote...

APPLE-SA-2021-09-20-5 Safari 15

21 September, 2021 - 11:04

Posted by product-security-noreply--- via Fulldisclosure on Sep 21

APPLE-SA-2021-09-20-5 Safari 15

Safari 15 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT212816.

WebKit
Available for: macOS Big Sur and macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30846: Sergei Glazunov of Google Project...

APPLE-SA-2021-09-20-4 Xcode 13

21 September, 2021 - 11:03

Posted by product-security-noreply--- via Fulldisclosure on Sep 21

APPLE-SA-2021-09-20-4 Xcode 13

Xcode 13 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT212818.

IDE Xcode Server
Available for: macOS Big Sur 11.3 and later
Impact: Multiple issues in nginx
Description: Multiple issues were addressed by updating nginx to
version 1.21.0.
CVE-2016-0742
CVE-2016-0746
CVE-2016-0747
CVE-2017-7529
CVE-2018-16843
CVE-2018-16844
CVE-2018-16845...

APPLE-SA-2021-09-20-3 tvOS 15

21 September, 2021 - 11:03

Posted by product-security-noreply--- via Fulldisclosure on Sep 21

APPLE-SA-2021-09-20-3 tvOS 15

tvOS 15 addresses the following issues. Information about the security
content is also available at https://support.apple.com/HT212815.

Accessory Manager
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2021-30837: an anonymous researcher

FontParser...

APPLE-SA-2021-09-20-2 watchOS 8

21 September, 2021 - 11:03

Posted by product-security-noreply--- via Fulldisclosure on Sep 21

APPLE-SA-2021-09-20-2 watchOS 8

watchOS 8 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT212819.

Accessory Manager
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2021-30837: an anonymous researcher...

APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15

21 September, 2021 - 11:03

Posted by product-security-noreply--- via Fulldisclosure on Sep 21

APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15

iOS 15 and iPadOS 15 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT212814.

Accessory Manager
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with...

BSides San Francisco – February 2022

21 September, 2021 - 11:02

Posted by BSidesSF CFP via Fulldisclosure on Sep 21

BSidesSF is soliciting presentations and workshops for the 2022 annual
BSidesSF conference (in-person!).

CFP: https://bsidessf.org/cfp
CFW: https://bsidessf.org/cfw

** Topics **

All topic areas related to reliability, application security, web security,
network security, privacy, cryptography, and information security are of
interest and in scope.

Let us help you get the word out on The Next Big Thing!

** Theme **

From the Ground Up!, to...

Windows NT Command-line Interpreter "cmd.exe" / Stack Buffer Overflow

21 September, 2021 - 11:02

Posted by hyp3rlinx on Sep 21

[+] Credits: John Page (aka hyp3rlinx, malvuln)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CMD.EXE-STACK-BUFFER-OVERFLOW.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
cmd.exe is the default command-line interpreter for the OS/2,
eComStation, ArcaOS, Microsoft Windows (Windows NT family and Windows
CE family), and ReactOS operating...

APPLE-SA-2021-09-13-5 Safari 14.1.2

17 September, 2021 - 11:10

Posted by Apple Product Security via Fulldisclosure on Sep 17

APPLE-SA-2021-09-13-5 Safari 14.1.2

Safari 14.1.2 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT212808.

WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A use after free issue was addressed...

APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina

17 September, 2021 - 11:10

Posted by Apple Product Security via Fulldisclosure on Sep 17

APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina

Security Update 2021-005 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212805.

CoreGraphics
Available for: macOS Catalina
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been actively exploited.
Description: An integer...

APPLE-SA-2021-09-13-3 macOS Big Sur 11.6

17 September, 2021 - 11:10

Posted by Apple Product Security via Fulldisclosure on Sep 17

APPLE-SA-2021-09-13-3 macOS Big Sur 11.6

macOS Big Sur 11.6 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT212804.

CoreGraphics
Available for: macOS Big Sur
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been actively exploited.
Description: An integer overflow was addressed with...

APPLE-SA-2021-09-13-2 watchOS 7.6.2

17 September, 2021 - 11:10

Posted by Apple Product Security via Fulldisclosure on Sep 17

APPLE-SA-2021-09-13-2 watchOS 7.6.2

watchOS 7.6.2 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT212806.

CoreGraphics
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been actively exploited.
Description: An integer overflow was addressed with...

APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8

17 September, 2021 - 11:10

Posted by Apple Product Security via Fulldisclosure on Sep 17

APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8

iOS 14.8 and iPadOS 14.8 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT212807.

CoreGraphics
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted PDF may lead to arbitrary...

AMD Chipset Driver Information Disclosure Vulnerability [CVE-2021-26333]

17 September, 2021 - 11:08

Posted by disclosure on Sep 17

We recently discovered a critical information disclosure vulnerability that affected the AMD Platform Security
Processor (PSP) chipset driver for multiple CPU architectures.

The vulnerability allowed non-privileged users to read uninitialised physical memory pages, where the original data was
either moved or paged out.

https://zeroperil.co.uk/cve-2021-26333/

Regards,

<https://zeroperil.com/>

Kyriakos Economou | Co-Founder

kye ()...

Microsoft Windows Command-line Interpreter "cmd.exe" / Stack Buffer Overflow

17 September, 2021 - 11:08

Posted by hyp3rlinx on Sep 17

[+] Credits: John Page (aka hyp3rlinx, malvuln)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CMD.EXE-STACK-BUFFER-OVERFLOW.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
cmd.exe is the default command-line interpreter for the OS/2,
eComStation, ArcaOS, Microsoft Windows (Windows NT family and Windows
CE family), and ReactOS operating...

Backdoor.Win32.WinterLove.i / Hardcoded Weak Password

14 September, 2021 - 07:13

Posted by malvuln on Sep 14

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c6c81e8ba0a7b9da6216a78dfeccec8d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.WinterLove.i
Vulnerability: Hardcoded Weak Password
Description: The WinterLove malware requires authentication for remote user
access. However, the password "plunix" is weak and hardcoded in plaintext
within the...

Backdoor.Win32.Wollf.h / Unauthenticated Remote Command Execution

14 September, 2021 - 07:13

Posted by malvuln on Sep 14

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/d0fd60516d53b2ad602c460351dbaa85.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Wollf.h
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 7614 installs a service named
WRM. Third-party attackers who can reach the system can get a shell with
SYSTEM integrity,...

Backdoor.Win32.VB.awm / Authentication Bypass - Information Leakage

14 September, 2021 - 07:13

Posted by malvuln on Sep 14

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/2271d942a23a89d7adea524d4ac3c13f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.VB.awm
Vulnerability: Authentication Bypass - Information Leakage
Description: The "Cryptech Heat" malware listens on TCP port 3786 and has
an option to set an remote access password. The malware also runs a
keylogger, we...

HEUR.Trojan.Win32.Generic / Insecure Permissions

14 September, 2021 - 07:13

Posted by malvuln on Sep 14

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/a6916fb9b824e3d2edfe46be69ca2501.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: HEUR.Trojan.Win32.Generic
Vulnerability: Insecure Permissions
Description: The malware creates an dir with insecure permissions under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can rename the...