Security News

APPLE-SA-03-31-2025-11 visionOS 2.4

Full Disclosure - 2 April, 2025 - 22:39

Posted by Apple Product Security via Fulldisclosure on Apr 02

APPLE-SA-03-31-2025-11 visionOS 2.4

visionOS 2.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122378.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accounts
Available for: Apple Vision Pro
Impact: Sensitive keychain data may be accessible from an iOS backup
Description: This issue...

APPLE-SA-03-31-2025-10 tvOS 18.4

Full Disclosure - 2 April, 2025 - 22:39

Posted by Apple Product Security via Fulldisclosure on Apr 02

APPLE-SA-03-31-2025-10 tvOS 18.4

tvOS 18.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122377.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AirDrop
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to read arbitrary file metadata
Description: A...

APPLE-SA-03-31-2025-9 macOS Ventura 13.7.5

Full Disclosure - 2 April, 2025 - 22:39

Posted by Apple Product Security via Fulldisclosure on Apr 02

APPLE-SA-03-31-2025-9 macOS Ventura 13.7.5

macOS Ventura 13.7.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122375.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AccountPolicy
Available for: macOS Ventura
Impact: A malicious app may be able to gain root privileges
Description:...

APPLE-SA-03-31-2025-8 macOS Sonoma 14.7.5

Full Disclosure - 2 April, 2025 - 22:39

Posted by Apple Product Security via Fulldisclosure on Apr 02

APPLE-SA-03-31-2025-8 macOS Sonoma 14.7.5

macOS Sonoma 14.7.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122374.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AccountPolicy
Available for: macOS Sonoma
Impact: A malicious app may be able to gain root privileges
Description: This...

APPLE-SA-03-31-2025-7 macOS Sequoia 15.4

Full Disclosure - 2 April, 2025 - 22:39

Posted by Apple Product Security via Fulldisclosure on Apr 02

APPLE-SA-03-31-2025-7 macOS Sequoia 15.4

macOS Sequoia 15.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122373.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A logging...

APPLE-SA-03-31-2025-6 iOS 15.8.4 and iPadOS 15.8.4

Full Disclosure - 2 April, 2025 - 22:39

Posted by Apple Product Security via Fulldisclosure on Apr 02

APPLE-SA-03-31-2025-6 iOS 15.8.4 and iPadOS 15.8.4

iOS 15.8.4 and iPadOS 15.8.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122345.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE
(1st...

APPLE-SA-03-31-2025-5 iOS 16.7.11 and iPadOS 16.7.11

Full Disclosure - 2 April, 2025 - 22:39

Posted by Apple Product Security via Fulldisclosure on Apr 02

APPLE-SA-03-31-2025-5 iOS 16.7.11 and iPadOS 16.7.11

iOS 16.7.11 and iPadOS 16.7.11 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122346.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation,
iPad Pro...

APPLE-SA-03-31-2025-4 iPadOS 17.7.6

Full Disclosure - 2 April, 2025 - 22:38

Posted by Apple Product Security via Fulldisclosure on Apr 02

APPLE-SA-03-31-2025-4 iPadOS 17.7.6

iPadOS 17.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122372.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accounts
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
and iPad 6th generation
Impact: Sensitive keychain...

APPLE-SA-03-31-2025-3 iOS 18.4 and iPadOS 18.4

Full Disclosure - 2 April, 2025 - 22:38

Posted by Apple Product Security via Fulldisclosure on Apr 02

APPLE-SA-03-31-2025-3 iOS 18.4 and iPadOS 18.4

iOS 18.4 and iPadOS 18.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122371.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and...

APPLE-SA-03-31-2025-2 Xcode 16.3

Full Disclosure - 2 April, 2025 - 22:38

Posted by Apple Product Security via Fulldisclosure on Apr 02

APPLE-SA-03-31-2025-2 Xcode 16.3

Xcode 16.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122380.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

IDE Assets
Available for: macOS Sequoia 15.2 and later
Impact: A malicious app may be able to access private information
Description: The...

APPLE-SA-03-31-2025-1 Safari 18.4

Full Disclosure - 2 April, 2025 - 22:38

Posted by Apple Product Security via Fulldisclosure on Apr 02

APPLE-SA-03-31-2025-1 Safari 18.4

Safari 18.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122379.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Authentication Services
Available for: macOS Ventura and macOS Sonoma
Impact: A malicious website may be able to claim WebAuthn...

3 vulnerabilities in Palo Alto Deep Packet Inspection mechanism

Full Disclosure - 2 April, 2025 - 22:38

Posted by Pierre Kim on Apr 02

## Advisory Information

Title: 3 vulnerabilities in Palo Alto Deep Packet Inspection mechanism
Advisory URL: https://pierrekim.github.io/advisories/2025-palo-alto-dpi.txt
Blog URL: https://pierrekim.github.io/blog/2025-03-31-paloalto-dpi-3-vulnerabilities.html
Date published: 2025-03-31
Vendors contacted: Palo Alto
Release mode: Released
CVE: None

## Product description

## Vulnerabilities Summary

Vulnerable versions: all versions of Palo Alto...

10 vulnerabilities in Brocade Fibre Channel switches

Full Disclosure - 2 April, 2025 - 22:38

Posted by Pierre Kim on Apr 02

## Advisory Information

Title: 10 vulnerabilities in Brocade Fibre Channel switches
Advisory URL: https://pierrekim.github.io/advisories/2025-brocade-switches.txt
Blog URL: https://pierrekim.github.io/blog/2025-03-31-brocade-switches-10-vulnerabilities.html
Date published: 2025-03-31
Vendors contacted: Brocade
Release mode: Released
CVE: CVE-2021-27797, CVE-2022-33186, CVE-2023-3454, CVE-2024-5460,
CVE-2024-5461, CVE-2024-7516

## Product...

OpenAI Security Research

Daily Dave - 28 March, 2025 - 20:33

Posted by Dave Aitel via Dailydave on Mar 28

So a few things:
1. https://openai.com/index/security-on-the-path-to-agi/ I feel like this
blog is worth reading. :)
2. We're throwing a post-RSAC conference in SanFran to talk about AI and
Security (in particular, securing cybery things with AI) and if I'm very
lucky I'll even get to do a quick demo of the software I've been working
on, not that it will surprise anyone on this list! We have a few tickets
left I think and if...

Re: Cyber Reasoning Systems

Daily Dave - 28 March, 2025 - 19:01

Posted by A K via Dailydave on Mar 28

Have you already reviewed https://github.com/open-crs ?

Three bypasses of Ubuntu's unprivileged user namespace restrictions

Full Disclosure - 27 March, 2025 - 13:46

Posted by Qualys Security Advisory via Fulldisclosure on Mar 27

Qualys Security Advisory

Three bypasses of Ubuntu's unprivileged user namespace restrictions

========================================================================
Contents
========================================================================

Summary
Bypass via aa-exec
Bypass via busybox
Bypass via LD_PRELOAD
Acknowledgments
Timeline (advisory sent to the Ubuntu Security Team on January 15, 2025)...

SQL Injection in Admin Functionality - dolphin.prov7.4.2

Full Disclosure - 24 March, 2025 - 23:10

Posted by Andrey Stoykov on Mar 24

# Exploit Title: SQL Injection in Admin Functionality - dolphin.prov7.4.2
# Date: 03/2025
# Exploit Author: Andrey Stoykov
# Version: 7.4.2
# Date: 03/2025
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/2025/03/friday-fun-pentest-series-21-sql.html

SQL Injection in Admin Functionality:

Steps to Reproduce:

1. Login as admin user and visit the page of "http://192.168.58.170/dolphinCMS/administration/index.php?cat="
2....

Stored XSS via Send Message Functionality - dolphin.prov7.4.2

Full Disclosure - 24 March, 2025 - 23:10

Posted by Andrey Stoykov on Mar 24

# Exploit Title: Stored XSS via Send Message Functionality - dolphin.prov7.4.2
# Date: 03/2025
# Exploit Author: Andrey Stoykov
# Version: 7.4.2
# Date: 03/2025
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/2025/03/friday-fun-pentest-series-20-stored-xss.html

Stored XSS via Send Message Functionality:

Steps to Reproduce:

1. Login and visit "http://192.168.58.170/dolphinCMS/mail.php?mode=compose"
2. Add...

APPLE-SA-03-11-2025-4 visionOS 2.3.2

Full Disclosure - 20 March, 2025 - 07:17

Posted by Apple Product Security via Fulldisclosure on Mar 20

APPLE-SA-03-11-2025-4 visionOS 2.3.2

visionOS 2.3.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122284.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

WebKit
Available for: Apple Vision Pro
Impact: Maliciously crafted web content may be able to break out of Web
Content sandbox....

APPLE-SA-03-11-2025-3 macOS Sequoia 15.3.2

Full Disclosure - 20 March, 2025 - 07:17

Posted by Apple Product Security via Fulldisclosure on Mar 20

APPLE-SA-03-11-2025-3 macOS Sequoia 15.3.2

macOS Sequoia 15.3.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122283.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Sequoia
Impact: Maliciously crafted web content may be able to break out of Web
Content...