[FD] APPLE-SA-2020-03-24-1 iOS 13.4 and iPadOS 13.4
APPLE-SA-2020-03-24-1 iOS 13.4 and iPadOS 13.4

iOS 13.4 and iPadOS 13.4 are now available and address the following:

ActionKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An application may be able to use an SSH client provided by private frameworks
Description: This issue was addressed with a new entitlement.
CVE-2020-3917: Steven Troughton-Smith (@stroughtonsmith)

AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)

Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic
Description: A logic issue was addressed with improved state management.
CVE-2020-9770: Jianliang Wu of PurSec Lab of Purdue University, Xinwen Fu and Yue Zhang of the University of Central Florida

CoreFoundation
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed. This issue was addressed with improved permission validation.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG

Icons
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Setting an alternate app icon may disclose a photo without needing permission to access photos
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2020-3916: Vitaliy Alekseev (@villy21)

Icons
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious application may be able to identify what other applications a user has installed
Description: The issue was addressed with improved handling of icon caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs

Image Processing
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with system privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9768: Mohamed Ghannam (@_simo36)

IOHIDFamily
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2020-3919: an anonymous researcher

Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai

Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed with improved state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team

libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size validation.
CVE-2020-3910: LGTM.com

libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz

Mail
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A local user may be able to view deleted content in the app switcher
Description: The issue was resolved by clearing application previews when content is deleted.
CVE-2020-9780: an anonymous researcher, Dimitris Chaintinis

Mail Attachments
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Cropped videos may not be shared properly via Mail
Description: An issue existed in the selection of video file by Mail. The issue was fixed by selecting the latest version of a video.
CVE-2020-9777

Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A person with physical access
[FD] APPLE-SA-2020-03-24-4 watchOS 6.2
APPLE-SA-2020-03-24-4 watchOS 6.2

watchOS 6.2 is now available and addresses the following:

ActionKit
Available for: Apple Watch Series 1 and later
Impact: An application may be able to use an SSH client provided by private frameworks
Description: This issue was addressed with a new entitlement.
CVE-2020-3917: Steven Troughton-Smith (@stroughtonsmith)

AppleMobileFileIntegrity
Available for: Apple Watch Series 1 and later
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)

CoreFoundation
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed. This issue was addressed with improved permission validation.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG

Icons
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to identify what other applications a user has installed
Description: The issue was addressed with improved handling of icon caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs

Icons
Available for: Apple Watch Series 1 and later
Impact: Setting an alternate app icon may disclose a photo without needing permission to access photos
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2020-3916: Vitaliy Alekseev (@villy21)

Image Processing
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with system privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9768: Mohamed Ghannam (@_simo36)

IOHIDFamily
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2020-3919: an anonymous researcher

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai

Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed with improved state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team

libxml2
Available for: Apple Watch Series 1 and later
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz

libxml2
Available for: Apple Watch Series 1 and later
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size validation.
CVE-2020-3910: LGTM.com

Messages
Available for: Apple Watch Series 1 and later
Impact: A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled
Description: A logic issue was addressed with improved state management.
CVE-2020-3891: Peter Scott

WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-3895: grigoritchy
CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech

WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved memory handling.
CVE-2020-3901: Benjamin Randazzo (@benjamin)

WebKit
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A type confusion issue was addressed with improved memory handling.
CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s Zero Day Initiative

Additional recognition

FontParser
We would like to acknowledge Matthew Denton of Google Chrome for their assistance.

Kernel
We would like to acknowledge Siguza for their assistance.

LinkPresentation
We would like to acknowledge Travis for their assistance.

Phone
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.

rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of Technische Universität Darmstadt for their assistance.

WebKit
We would like to acknowledge Samuel Groß of Google Project Zero and an anonymous researcher for their assistance.

Installation note:

Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My
[FD] APPLE-SA-2020-03-24-7 Xcode 11.4
APPLE-SA-2020-03-24-7 Xcode 11.4

Xcode 11.4 is now available and contains security improvements.

Additional recognition

ld64
We would like to acknowledge an anonymous researcher for their assistance.

Installation note:

Xcode 11.4 may be obtained from:
https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "Xcode 11.4".

___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[FD] APPLE-SA-2020-03-24-3 tvOS 13.4
APPLE-SA-2020-03-24-3 tvOS 13.4

tvOS 13.4 is now available and addresses the following:

ActionKit
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to use an SSH client provided by private frameworks
Description: This issue was addressed with a new entitlement.
CVE-2020-3917: Steven Troughton-Smith (@stroughtonsmith)

AppleMobileFileIntegrity
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)

Icons
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to identify what other applications a user has installed
Description: The issue was addressed with improved handling of icon caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs

Image Processing
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with system privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9768: Mohamed Ghannam (@_simo36)

IOHIDFamily
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2020-3919: an anonymous researcher

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed with improved state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team

libxml2
Available for: Apple TV 4K and Apple TV HD
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz

libxml2
Available for: Apple TV 4K and Apple TV HD
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size validation.
CVE-2020-3910: LGTM.com

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-3895: grigoritchy
CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to read restricted memory
Description: A race condition was addressed with additional validation.
CVE-2020-3894: Sergei Glazunov of Google Project Zero

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A memory consumption issue was addressed with improved memory handling.
CVE-2020-3899: found by OSS-Fuzz

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to a cross site scripting attack
Description: An input validation issue was addressed with improved input validation.
CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit)

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved memory handling.
CVE-2020-3901: Benjamin Randazzo (@benjamin)

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: A download's origin may be incorrectly associated
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3887: Ryan Pickren (ryanpickren.com)

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9783: Apple

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A type confusion issue was addressed with improved memory handling.
CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s Zero Day Initiative

WebKit Page Loading
Available for: Apple TV 4K and Apple TV HD
Impact: A file URL may be incorrectly processed
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3885: Ryan Pickren (ryanpickren.com)

Additional recognition

FontParser
We would like to acknowledge Matthew Denton of Google Chrome for their assistance.

Kernel
We would like to acknowledge Siguza for their assistance.

LinkPresentation
We would like to acknowledge Travis for their assistance.

WebKit
We would like to
[FD] APPLE-SA-2020-03-24-6 iTunes for Windows 12.10.5
APPLE-SA-2020-03-24-6 iTunes for Windows 12.10.5

iTunes for Windows 12.10.5 is now available and addresses the following:

libxml2
Available for: Windows 7 and later
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size validation.
CVE-2020-3910: LGTM.com

libxml2
Available for: Windows 7 and later
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved memory handling.
CVE-2020-3901: Benjamin Randazzo (@benjamin)

WebKit
Available for: Windows 7 and later
Impact: A download's origin may be incorrectly associated
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3887: Ryan Pickren (ryanpickren.com)

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-3895: grigoritchy
CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech

WebKit
Available for: Windows 7 and later
Impact: An application may be able to read restricted memory
Description: A race condition was addressed with additional validation.
CVE-2020-3894: Sergei Glazunov of Google Project Zero

WebKit
Available for: Windows 7 and later
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A type confusion issue was addressed with improved memory handling.
CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s Zero Day Initiative

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9783: Apple

WebKit
Available for: Windows 7 and later
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A memory consumption issue was addressed with improved memory handling.
CVE-2020-3899: found by OSS-Fuzz

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to a cross site scripting attack
Description: An input validation issue was addressed with improved input validation.
CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit)

WebKit Page Loading
Available for: Windows 7 and later
Impact: A file URL may be incorrectly processed
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3885: Ryan Pickren (ryanpickren.com)

Additional recognition

WebKit
We would like to acknowledge Emilio Cobos Álvarez of Mozilla, Samuel Groß of Google Project Zero, and an anonymous researcher for their assistance.
Installation note:

iTunes for Windows 12.10.5 may be obtained from:
https://www.apple.com/itunes/download/
[FD] APPLE-SA-2020-03-24-5 Safari 13.1
APPLE-SA-2020-03-24-5 Safari 13.1

Safari 13.1 is now available and addresses the following:

Safari Downloads
Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina
Impact: A malicious iframe may use another website’s download settings
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9784: Ruilin Yang of Tencent Security Xuanwu Lab, Ryan Pickren (ryanpickren.com)

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved memory handling.
CVE-2020-3901: Benjamin Randazzo (@benjamin)

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina
Impact: A download's origin may be incorrectly associated
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3887: Ryan Pickren (ryanpickren.com)

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-3895: grigoritchy
CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina
Impact: An application may be able to read restricted memory
Description: A race condition was addressed with additional validation.
CVE-2020-3894: Sergei Glazunov of Google Project Zero

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina
Impact: Processing maliciously crafted web content may lead to code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9783: Apple

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A type confusion issue was addressed with improved memory handling.
CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s Zero Day Initiative

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A memory consumption issue was addressed with improved memory handling.
CVE-2020-3899: found by OSS-Fuzz

WebKit
Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina
Impact: Processing maliciously crafted web content may lead to a cross site scripting attack
Description: An input validation issue was addressed with improved input validation.
CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit)

WebKit Page Loading
Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina
Impact: A file URL may be incorrectly processed
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3885: Ryan Pickren (ryanpickren.com)

Additional recognition

Safari
We would like to acknowledge Dlive of Tencent Security Xuanwu Lab, Jacek Kolodziej of Procter & Gamble, and Justin Taft of One Up Security, LLC for their assistance.

Safari Extensions
We would like to acknowledge Jeff Johnson of underpassapp.com for their assistance.

Safari Reader
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com) for their assistance.

WebKit
We would like to acknowledge Emilio Cobos Álvarez of Mozilla, Samuel Groß of Google Project Zero, and an anonymous researcher for their assistance.

Installation note:

Safari 13.1 may be obtained from the Mac App Store.
[FD] Authentication Bypass in Tribal SITS:Vision
SITS:Vision 9.7.0 Authentication Bypass

[-] Software Link:

https://www.tribalgroup.com/software-and-services/student-information-systems/sitsvision

[-] Affected Versions:

Version 9.7.0 and possibly other versions.

[-] Vulnerability Description:

An authentication bypass vulnerability is present in the standalone SITS:Vision component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This vulnerability allows unauthenticated attackers to gain access to credentials or execute arbitrary SQL queries on the SITS backend as long as they have access to the client executable or can intercept traffic from a user who does.

[-] Solution:

According to the vendor, changing a configuration setting to enable the Uniface TLS driver will mitigate the issue.

[-] Disclosure Timeline:

[15/11/2019] - Issue reported to vendor.
[18/11/2019] - Vendor replies that they consider this to be OK as it can be mitigated with a Uniface configuration change.
[20/11/2019] - CVE number assigned.
[23/03/2020] - Publication of this advisory.

[-] CVE Reference:

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2019-19127 to this vulnerability.

[-] Credits:

Vulnerability discovered by Callum Murphy.