lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 21 Sep 2023 11:35:07 -0700
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2023-09-21-5 watchOS 9.6.3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2023-09-21-5 watchOS 9.6.3

watchOS 9.6.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213929.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Kernel
Available for: Apple Watch Series 4 and later
Impact: A local attacker may be able to elevate their privileges. Apple
is aware of a report that this issue may have been actively exploited
against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.
CVE-2023-41992: Bill Marczak of The Citizen Lab at The University of
Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group

Security
Available for: Apple Watch Series 4 and later
Impact: A malicious app may be able to bypass signature
validation. Apple is aware of a report that this issue may have been
actively exploited against versions of iOS before iOS 16.7.
Description: A certificate validation issue was addressed.
CVE-2023-41991: Bill Marczak of The Citizen Lab at The University of
Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group


All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmUMi+QACgkQX+5d1TXa
IvqEKBAAot3koiHF8bV334s7cFZFe+xUGkFszWH7XR/73NCyKVRJaxjfgHkcJUPZ
qiEgALnau3mEFagwLu2+hIEJKZLCF5nU7uf0tQOBOjWL/ZUk9DXStAahkBWmom9/
7mGxRqiEPPduJ8jU3BbxVqbwo3IiNhww8o2bS15o/ByhBopvCtIgJFKVPdWOlnHV
og85okHBa7uOKzwXIdERl62UuAG6swGc8iTdhDxgrlCqDNQPKTT8Re/+Dzv2htlI
UI38gp/3wFLhQArmgzIbrU6WLMnMRPn+M/juT1AjuFLY1JkdGd/y+uEmNg/rU8tF
b4ptEbbuR5mNxhcyx0RIn18pHOv7MV/hYRNtXzCkEH5bxAIlPMFLTRWs8OsqlBlQ
t4lDnf/u0I50W5F3Bf6BpN4lAJaHFej1vNQtz0CN1sXocBj3LUlWFjK5lFXymWUc
qKt+1xwXBraDuNGabZua5cZpMXNUL8wAjVv1uZOjmvdB1jHN6FVfyu9oc2ONH+p+
UigbKwLFqlRjJ/8ee2UhNQFwkXf8wDIud/U0kuftu3xtLFJjZsiFJLBUDQ2XQl7z
eXDvLYdq6Jvo3qiW2AuUGzVLiw4IDSUZk4U3b8ER37/SEFFOEXEJ05uzwMinYYmD
qTWm/89O74yzgF6HPKigfzNqePZ4eButFer73hndgja9WvYxSCg=
=4meq
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ