Security News

APPLE-SA-2020-1-28-5 Safari 13.0.5

Full Disclosure - 1 February, 2020 - 02:17

Posted by Apple Product Security via Fulldisclosure on Jan 31

APPLE-SA-2020-1-28-5 Safari 13.0.5

Safari 13.0.5 is now available and addresses the following:

Safari
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2020-3833: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)

Safari Login AutoFill...

APPLE-SA-2020-1-28-4 tvOS 13.3.1

Full Disclosure - 1 February, 2020 - 02:17

Posted by Apple Product Security via Fulldisclosure on Jan 31

APPLE-SA-2020-1-28-4 tvOS 13.3.1

tvOS 13.3.1 is now available and addresses the following:

Audio
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3857: Zhuo Liang of Qihoo 360 Vulcan Team

ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously...

APPLE-SA-2020-1-28-1 iOS 13.3.1 and iPadOS 13.3.1

Full Disclosure - 1 February, 2020 - 02:17

Posted by Apple Product Security via Fulldisclosure on Jan 31

APPLE-SA-2020-1-28-1 iOS 13.3.1 and iPadOS 13.3.1

iOS 13.3.1 and iPadOS 13.3.1 are now available and address the
following:

Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3857: Zhuo Liang of Qihoo 360...

APPLE-SA-2020-1-28-3 watchOS 6.1.2

Full Disclosure - 1 February, 2020 - 02:17

Posted by Apple Product Security via Fulldisclosure on Jan 31

APPLE-SA-2020-1-28-3 watchOS 6.1.2

watchOS 6.1.2 is now available and addresses the following:

AnnotationKit
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3877: an anonymous researcher working with Trend Micro's
Zero Day Initiative

Audio...

APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra

Full Disclosure - 1 February, 2020 - 02:17

Posted by Apple Product Security via Fulldisclosure on Jan 31

APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update
2020-001 Mojave, Security Update 2020-001 High Sierra

macOS Catalina 10.15.3, Security Update 2020-001 Mojave, and
Security Update 2020-001 High Sierra are now available and
address the following:

AnnotationKit
Available for: macOS Catalina 10.15.2
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An...

[CFP] leHACK - June 26 - June 27, 2020

Full Disclosure - 1 February, 2020 - 02:17

Posted by Hackira on Jan 31

Hello everyone,

For the second edition, leHACK will be held at la Cité des Sciences et de l'Industrie, in Paris, on June 26 & 27 2020.

Since our community and the team enjoyed the venue last year, it wasn't hard to pick a location, which hosted
la Nuit du Hack and leHACK in previous years.

This year again you will have at your disposal: a 3-level mezzanine, a 900-seat amphitheater, a 2000 m² area dedicated to
the exhibition, the...

Re: Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers

Full Disclosure - 1 February, 2020 - 02:16

Posted by Błażej Adamczyk on Jan 31

UPDATE:
As there is no response from direct vendors (TOTOLINK and others) and
because the vulnerability has a big impact (CVSSv3: 9.6, 70k vulnerable
devices on the Internet) I decided to publish the exploit code:
https://sploit.tech/files/CVE-2019-19822-19825-exploit.sh

I kindly ask to spread information about the threat to make the users
aware of the problem and maybe force vendors to reconsider patching
their products.

Video:...

Executable installers are vulnerable^WEVIL (case 58): Intel® Processor Identification Utility - Windows* Version - arbitrary code execution with escalation of privilege

Bug Traq - 31 January, 2020 - 05:10

Posted by Stefan Kanthak on Jan 31

Hi @ll,

Intel® Processor Identification Utility - Windows* Version,
version 6.0.0211 from 2019-02-11, available from
<https://downloadmirror.intel.com/28539/a08/Intel(R)%20Processor%20Identification%20Utility.exe>
via <https://downloadcenter.intel.com/download/28539>, and
earlier versions 6.0.* are vulnerable: in default installations
of all supported versions of Windows (really: Windows Vista and
later), they allow arbitrary code...

[CVE-2019-20358] CVE-2019-9491 in Trend Micro Anti-Threat Toolkit (ATTK) was NOT properly FIXED

Bug Traq - 30 January, 2020 - 08:14

Posted by Stefan Kanthak on Jan 30

Hi @ll,

on September 29, 2019, John Page reported a remote code execution
with escalation of privilege in TrendMicro's Anti-Threat Toolkit
to its vendor.
TrendMicro assigned CVE-2019-9491 to this vulnerability and told
the reporter, his dog and the world on October 18, 2019, that they
had fixed the vulnerable product.

See <https://success.trendmicro.com/solution/000149878>,
<https://seclists.org/fulldisclosure/2019/Oct/42> and...

[SECURITY] [DSA 4610-1] webkit2gtk security update

Bug Traq - 30 January, 2020 - 02:20

Posted by Moritz Muehlenhoff on Jan 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-4610-1                   security@debian.org
https://www.debian.org/security/                           Alberto Garcia
January 29, 2020                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : webkit2gtk
CVE ID         : CVE-2019-8835 CVE-2019-8844...

APPLE-SA-2020-1-29-1 iCloud for Windows 7.17

Bug Traq - 30 January, 2020 - 02:17

Posted by Apple Product Security on Jan 29

APPLE-SA-2020-1-29-1 iCloud for Windows 7.17

iCloud for Windows 7.17 addresses the following:

ImageIO
Available for: Windows 7 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3826: Samuel Groß of Google Project Zero

libxml2
Available for: Windows 7 and later
Impact: Processing maliciously crafted XML may lead...

APPLE-SA-2020-1-29-2 iCloud for Windows 10.9.2

Bug Traq - 30 January, 2020 - 02:12

Posted by Apple Product Security on Jan 29

APPLE-SA-2020-1-29-2 iCloud for Windows 10.9.2

iCloud for Windows 10.9.2 is now available and addresses the
following:

ImageIO
Available for: Windows 10 and later via the Microsoft Store
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3826: Samuel Groß of Google Project Zero

libxml2
Available for: Windows 10 and later...

[SECURITY] [DSA 4611-1] opensmtpd security update

Bug Traq - 30 January, 2020 - 02:08

Posted by Moritz Muehlenhoff on Jan 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-4611-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 29, 2020                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : opensmtpd
CVE ID         : CVE-2020-7247
Debian Bug     : ...

FreeBSD Security Advisory FreeBSD-SA-20:02.ipsec

Bug Traq - 29 January, 2020 - 05:00

Posted by FreeBSD Security Advisories on Jan 29

=============================================================================
FreeBSD-SA-20:02.ipsec                                      Security Advisory
                                                          The FreeBSD Project

Topic:          Missing IPsec anti-replay window check

Category:       core
Module:         kernel
Announced:      2020-01-28
Credits:        Jean-Francois HREN
Affects:        FreeBSD 12.0 only
Corrected:      ...
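The advisory excerpt above names the missing check but, as truncated here, says nothing about how the check works or where in the kernel it was lost. The block below is an added example written for this page, not FreeBSD kernel code: a minimal ESP-style anti-replay sliding window as described in RFC 4303 section 3.4.3, with a check-only function (run before ICV verification), a check-and-update function (run after it), and a helper that counts how many packets of a constructed sequence-number stream get through with the check enforced versus skipped. The window size of 64, the 32-bit-only sequence numbers (no ESN) and every sequence number in the sample are assumptions of the example.

```c
/*
 * Added example (not FreeBSD code): ESP anti-replay sliding window,
 * RFC 4303 section 3.4.3. Sequence numbers are 32-bit; extended
 * sequence numbers (ESN) are not modelled.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define REPLAY_WINDOW 64u   /* packets; RFC 4303 requires at least 32 */

typedef struct {
    uint32_t last_seq;  /* highest sequence number accepted so far; 0 = none */
    uint64_t bitmap;    /* bit i set => (last_seq - i) has been accepted */
} replay_state;

void replay_init(replay_state *st)
{
    st->last_seq = 0;
    st->bitmap = 0;
}

/* Check only (no state change). Run this before the expensive ICV check
 * so obvious replays and stale packets are dropped early. */
bool replay_check(const replay_state *st, uint32_t seq)
{
    if (seq == 0)
        return false;                      /* ESP sequence numbers start at 1 */
    if (seq > st->last_seq)
        return true;                       /* right of the window: new packet */
    uint32_t diff = st->last_seq - seq;
    if (diff >= REPLAY_WINDOW)
        return false;                      /* left of the window: too old */
    return (st->bitmap & ((uint64_t)1 << diff)) == 0;  /* inside: seen already? */
}

/* Check and record. Call only after the ICV has verified; otherwise a forged
 * packet with a high sequence number slides the window forward and causes
 * legitimate traffic to be dropped. */
bool replay_update(replay_state *st, uint32_t seq)
{
    if (!replay_check(st, seq))
        return false;
    if (seq > st->last_seq) {
        uint32_t shift = seq - st->last_seq;
        st->bitmap = (shift >= REPLAY_WINDOW) ? 0 : (st->bitmap << shift);
        st->bitmap |= 1;                   /* bit 0 is last_seq itself */
        st->last_seq = seq;
    } else {
        st->bitmap |= (uint64_t)1 << (st->last_seq - seq);
    }
    return true;
}

/* Feed a stream of sequence numbers through a fresh state and return how
 * many are accepted. With enforce == false the check is skipped, which is
 * what a missing anti-replay check amounts to: every replayed copy is accepted. */
size_t replay_accept_count(const uint32_t *seqs, size_t n, bool enforce)
{
    replay_state st;
    replay_init(&st);
    size_t accepted = 0;
    for (size_t i = 0; i < n; i++) {
        if (!enforce) {
            /* vulnerable path: keep last_seq for bookkeeping but never reject */
            if (seqs[i] > st.last_seq)
                st.last_seq = seqs[i];
            accepted++;
        } else if (replay_update(&st, seqs[i])) {
            accepted++;
        }
    }
    return accepted;
}

/* Constructed sample: 1..5 in order, then 3 and 5 replayed, a jump to 100,
 * then 36 (just outside the 64-packet window), 37 (last slot inside it),
 * and 37 replayed. Enforced: 7 of 11 accepted. Skipped: all 11. */
static const uint32_t sample_seqs[] = { 1, 2, 3, 4, 5, 3, 5, 100, 36, 37, 37 };
static const size_t sample_n = sizeof sample_seqs / sizeof sample_seqs[0];

int main(void)
{
    printf("enforced: %zu of %zu accepted\n",
           replay_accept_count(sample_seqs, sample_n, true), sample_n);
    printf("skipped : %zu of %zu accepted\n",
           replay_accept_count(sample_seqs, sample_n, false), sample_n);
    return 0;
}
```

Two points a practitioner checks in any real implementation: the window is advanced only from `replay_update`, after integrity verification, so unauthenticated packets cannot move it; and the "too old" test (`diff >= REPLAY_WINDOW`) is separate from the "already seen" bit test, so a packet that falls off the left edge is rejected even though its bit was never set.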

APPLE-SA-2020-1-28-1 iOS 13.3.1 and iPadOS 13.3.1

Bug Traq - 29 January, 2020 - 05:00

Posted by Apple Product Security on Jan 29

APPLE-SA-2020-1-28-1 iOS 13.3.1 and iPadOS 13.3.1

iOS 13.3.1 and iPadOS 13.3.1 are now available and address the
following:

Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3857: Zhuo Liang of Qihoo 360...

FreeBSD Security Advisory FreeBSD-SA-20:01.libfetch

Bug Traq - 29 January, 2020 - 04:48

Posted by FreeBSD Security Advisories on Jan 29

=============================================================================
FreeBSD-SA-20:01.libfetch                                   Security Advisory
                                                          The FreeBSD Project

Topic:          libfetch buffer overflow

Category:       core
Module:         libfetch
Announced:      2020-01-28
Credits:        Duncan Overbruck
Affects:        All supported versions of FreeBSD.
Corrected:      ...

FreeBSD Security Advisory FreeBSD-SA-20:03.thrmisc

Bug Traq - 29 January, 2020 - 04:44

Posted by FreeBSD Security Advisories on Jan 29

=============================================================================
FreeBSD-SA-20:03.thrmisc                                    Security Advisory
                                                          The FreeBSD Project

Topic:          kernel stack data disclosure

Category:       core
Module:         kernel
Announced:      2020-01-28
Credits:        Ilja Van Sprundel
Affects:        All supported versions of FreeBSD.
Corrected:      ...

APPLE-SA-2020-1-28-4 tvOS 13.3.1

Bug Traq - 29 January, 2020 - 04:38

Posted by Apple Product Security on Jan 29

APPLE-SA-2020-1-28-4 tvOS 13.3.1

tvOS 13.3.1 is now available and addresses the following:

Audio
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3857: Zhuo Liang of Qihoo 360 Vulcan Team

ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously...

APPLE-SA-2020-1-28-3 watchOS 6.1.2

Bug Traq - 29 January, 2020 - 04:38

Posted by Apple Product Security on Jan 29

APPLE-SA-2020-1-28-3 watchOS 6.1.2

watchOS 6.1.2 is now available and addresses the following:

AnnotationKit
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3877: an anonymous researcher working with Trend Micro's
Zero Day Initiative

Audio...

APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra

Bug Traq - 29 January, 2020 - 04:38

Posted by Apple Product Security on Jan 29

APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update
2020-001 Mojave, Security Update 2020-001 High Sierra

macOS Catalina 10.15.3, Security Update 2020-001 Mojave, and
Security Update 2020-001 High Sierra are now available and
address the following:

AnnotationKit
Available for: macOS Catalina 10.15.2
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An...