| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-id: <307B43EE-D74A-4030-8C45-62873267C887@lists.apple.com> Date: Tue, 11 Mar 2025 16:15:19 -0700 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-03-11-2025-4 visionOS 2.3.2 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-03-11-2025-4 visionOS 2.3.2 visionOS 2.3.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/122284. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. WebKit Available for: Apple Vision Pro Impact: Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.) Description: An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. WebKit Bugzilla: 285858 CVE-2025-24201: Apple Instructions on how to update visionOS are available at https://support.apple.com/118481. To check the software version on your Apple Vision Pro, open the Settings app and choose General > About. All information is also posted on the Apple Security Releases web site: https://support.apple.com/100100. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmfQr/0ACgkQX+5d1TXa IvqQpRAAz/1GA6Edf0guyJ+OKSV6YLIvZzQL0WfELpwHKbSf3HjOBCz67+vWDBOr pCDx1Sfw1izQ4WjvJTIFC7BShA8GX9zGv1y95ZttWnRC3DD+g6AE6o1wxUjE6GRU 6UZr7WkKbLiCDMNbRrFlqnOzT2uMKCF4o+I8gwBZyQ6Cn9kvby40LJ71zOfcgdVW rJenk6S7sRFVlGEn5upC614eI0yqAe/FJx+UeDYxpZQ2eaLSBLPEWKYRIEvFFlEB iORLwlXP6DqwtsP6HpxjB1y4UF4u15+N8u+ASGdME0mI9XjN8nadnC1ONMxqIRXO D2HwkmL3zvGCtY4nt21jq6qxeX1ViR3WcVLSBrXY3jGJfcej1R/WmkuyfJ+M2qIw K3okpSbbzZ60HYxKFMWL1NKftCVE7/73QQNAIvUfwIDt6EYyNDl5sZRv1aZKEbFn g2syrkdqugpiUiUpHXiJ1O4StQMvRooO/OkhqRPUCrPQ1Pf1cA3inrimsIF1jxqC 2ilwnBgZwJD0tzyYrtY4OKZyM29kMnaAV0+EiYUaOxmNRxczTf+Z7QhohvEvp/E3 5QsHfVOT2C5rgfX+fjRC1+43zAD1CSKXQ4BqSo+NK8TVy9faRZ6FR/TujTA8N3qh 46K5d+7ldNecnkQej50ewcOu7I3zTP3vsgYPQrAehR4drc75ZQc= =AOP+ -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists