Security News

APPLE-SA-03-11-2025-2 iOS 18.3.2 and iPadOS 18.3.2

Full Disclosure - 20 March, 2025 - 07:17

Posted by Apple Product Security via Fulldisclosure on Mar 20

APPLE-SA-03-11-2025-2 iOS 18.3.2 and iPadOS 18.3.2

iOS 18.3.2 and iPadOS 18.3.2 address the following issues.
Information about the security content is also available at
https://support.apple.com/122281.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and...

APPLE-SA-03-11-2025-1 Safari 18.3.1

Full Disclosure - 20 March, 2025 - 07:17

Posted by Apple Product Security via Fulldisclosure on Mar 20

APPLE-SA-03-11-2025-1 Safari 18.3.1

Safari 18.3.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122285.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Maliciously crafted web content may be able to break out of Web
Content...

CVE-2019-16261 (UPDATE): Unauthenticated POST requests to Tripp Lite UPS Systems

Full Disclosure - 20 March, 2025 - 07:17

Posted by Lucas Lalumière on Mar 20

[Author]: Lucas Lalumiere
[Contact]: lucas.lalum () gmail com
[Date]: 2025-3-17
[Vendor]: Tripp Lite
[Product]: SU750XL UPS
[Firmware]: 12.04.0052
[CVE Reference]: CVE-2019-16261

============================
Affected Products (Tested):
============================
- Tripp Lite PDUs (e.g., PDUMH15AT)
- Tripp Lite UPSs (e.g., SU750XL) *NEW*

======================
Vulnerability Summary:
======================
CVE-2019-16261 describes...

Multiple sandbox escapes in asteval python sandboxing module

Full Disclosure - 11 March, 2025 - 13:02

Posted by areca-palm via Fulldisclosure on Mar 11

[CVE pending]

Sandboxing Python is notoriously difficult, and the Python module "asteval" is no exception. Add to this the fact that a
large set of numpy functions is exposed within the sandbox by default.
Versions <=1.06 are vulnerable.
This vuln has been disclosed to the maintainer, who closed the security advisory and has since pushed his own fix to
master. A CVE is still pending. Publishing the vulnerability through this list...

Cyber Reasoning Systems

Daily Dave - 4 March, 2025 - 13:06

Posted by Dave Aitel via Dailydave on Mar 04

I continue to believe there are a lot of interesting questions around
building cyber reasoning systems for vuln finding. Even the very basics
seem hard to study and understand, and the eval datasets available
are... sparse or incomplete. For example, what you really want if you're
analyzing git repos is the commit a bug was introduced, and the commit it
was fixed. But usually you get "a commit where it maybe existed".

Likewise,...

on your child going to college in Christchurch, NZ and velvet worms

Daily Dave - 11 February, 2025 - 17:15

Posted by Dave Aitel via Dailydave on Feb 11

*on your child going to college in Christchurch, NZ and velvet worms*

By mid‑August the garden already practices absence — stems turning hollow,
the robin leaving its notes hanging in the air like torn corners of a song.
Under the chirp of palmetto bugs, a log eases itself back into earth.
Inside, hidden from the light, a velvet worm does the impossible: offers
herself to a spill of pale, blind threads. For days she is nothing but
hunger...