[<prev] [next>] [day] [month] [year] [list]
Message-id: <A22A272D-65E7-48E6-87EA-86EF7805477B@lists.apple.com>
Date: Thu, 07 Feb 2019 10:29:02 -0800
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS
Shortcuts 2.1.3 for iOS is now available and addresses the following:
Shortcuts
Available for: Shortcuts 2.1.2 for iOS
Impact: A local user may be able to view senstive user information
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2019-7289: Sem Voigtländer of Fontys Hogeschool ICT
Shortcuts
Available for: Shortcuts 2.1.2 for iOS
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2019-7290: Avimanyu Roy (@AvimanyuRoy3)
Additional recognition
Shortcuts
We would like to acknowledge Sem Voigtländer of Fontys Hogeschool
ICT for their assistance.
Installation note:
Shortcuts 2.1.3 for iOS may be obtained from the App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlxcZmopHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HU4A/8
DI/d6q1a4C0x7/T/XBDc4WsuvOFa5mmaTicKE24CRJjDjb2c11ZOtIeeBF7HBJVx
5+326g+3y1J7wAPT1o5btQQv0SNxVaDuJUa8hNUrheg+LpQ5dEzVY50X+lMJ9etE
gjyyZWrzWMSXvuHj+CrXRuK1BXZQCWZzOXIPfVOYqH3eBao0ld4NaQdtviUctNla
wgiLZ+33fVFJm1MjtdcjxOhKd54GVGUnKN338YhnFQfIjEZA7zeOvKlzb77ZqDZx
JxpuVIpkv4OvWX0Xg+u0iYALEbJDr75vk3YUjuKHCWENdJM9Eka64yVxdGc7C9/E
vpAKwVaWcgCJuDexaqwt/ht1AclMVzORPSYtU0A1HxyVR3kEUVjAWAuANjakB/Zn
CDerYQiTOyFSZIvitkrunQmb65iXMjjYgznnTjAxv1kkil5uAz56L+jJ0C/CNw4y
kzsQnrKbxyTNJ/qYzPaEJChsZ7FSWakBUJZ62hQzRaQnXgGZ8UyfyL9cRS5NUaO5
Yd0FaQk7UWCsbFzePHTlSbA5GedweJ6cXcoBst/WdpGP+81ZnvQMhbEJvxXwmKP1
xpq0PhAWRFBQFtWowhVE7fKLQj9zqao86eSebKK1Tc9VfnFNUmTQjyQo2HpdQtnC
eW17D5S5FBaov6WyxASP5Wmi8xJsmgWP4OomprfSbNQ=
=BI6A
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists