lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 07 Feb 2019 10:29:02 -0800
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS

Shortcuts 2.1.3 for iOS is now available and addresses the following:

Shortcuts
Available for: Shortcuts 2.1.2 for iOS
Impact: A local user may be able to view senstive user information
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2019-7289: Sem Voigtländer of Fontys Hogeschool ICT

Shortcuts
Available for: Shortcuts 2.1.2 for iOS
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2019-7290: Avimanyu Roy (@AvimanyuRoy3)

Additional recognition

Shortcuts
We would like to acknowledge Sem Voigtländer of Fontys Hogeschool
ICT for their assistance.

Installation note:

Shortcuts 2.1.3 for iOS may be obtained from the App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlxcZmopHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HU4A/8
DI/d6q1a4C0x7/T/XBDc4WsuvOFa5mmaTicKE24CRJjDjb2c11ZOtIeeBF7HBJVx
5+326g+3y1J7wAPT1o5btQQv0SNxVaDuJUa8hNUrheg+LpQ5dEzVY50X+lMJ9etE
gjyyZWrzWMSXvuHj+CrXRuK1BXZQCWZzOXIPfVOYqH3eBao0ld4NaQdtviUctNla
wgiLZ+33fVFJm1MjtdcjxOhKd54GVGUnKN338YhnFQfIjEZA7zeOvKlzb77ZqDZx
JxpuVIpkv4OvWX0Xg+u0iYALEbJDr75vk3YUjuKHCWENdJM9Eka64yVxdGc7C9/E
vpAKwVaWcgCJuDexaqwt/ht1AclMVzORPSYtU0A1HxyVR3kEUVjAWAuANjakB/Zn
CDerYQiTOyFSZIvitkrunQmb65iXMjjYgznnTjAxv1kkil5uAz56L+jJ0C/CNw4y
kzsQnrKbxyTNJ/qYzPaEJChsZ7FSWakBUJZ62hQzRaQnXgGZ8UyfyL9cRS5NUaO5
Yd0FaQk7UWCsbFzePHTlSbA5GedweJ6cXcoBst/WdpGP+81ZnvQMhbEJvxXwmKP1
xpq0PhAWRFBQFtWowhVE7fKLQj9zqao86eSebKK1Tc9VfnFNUmTQjyQo2HpdQtnC
eW17D5S5FBaov6WyxASP5Wmi8xJsmgWP4OomprfSbNQ=
=BI6A
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists