[FD] APPLE-SA-2019-9-26-9 Safari 13.0.1

2019-09-27 Apple Product Security via Fulldisclosure
APPLE-SA-2019-9-26-9 Safari 13.0.1 Safari 13.0.1 addresses the following: Safari Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6 Impact: Visiting a malicious website may lead to user interface spoofing Description: An inconsistent

[FD] APPLE-SA-2019-9-26-8 iOS 13.1 and iPadOS 13.1

2019-09-27 Apple Product Security via Fulldisclosure
APPLE-SA-2019-9-26-8 iOS 13.1 and iPadOS 13.1 iOS 13.1 and iPadOS 13.1 address the following: VoiceOver Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A person with physical

[FD] APPLE-SA-2019-9-26-7 Xcode 11.0

2019-09-27 Apple Product Security via Fulldisclosure
APPLE-SA-2019-9-26-7 Xcode 11.0 Xcode 11.0 addresses the following: IDE SCM Available for: macOS Mojave 10.14.4 and later Impact: Multiple issues in libssh2 Description: Multiple issues were addressed by updating to version 2.16. CVE-2019-3855:

[FD] APPLE-SA-2019-9-26-6 tvOS 13

2019-09-27 Apple Product Security via Fulldisclosure
APPLE-SA-2019-9-26-6 tvOS 13 tvOS 13 addresses the following: Keyboards Available for: Apple TV 4K and Apple TV HD Impact: A local user may be able to leak sensitive user information Description: An authentication issue was addressed with improved

[FD] APPLE-SA-2019-9-26-5 watchOS 6

2019-09-27 Apple Product Security via Fulldisclosure
APPLE-SA-2019-9-26-5 watchOS 6 watchOS 6 addresses the following: Foundation Available for: Apple Watch Series 3 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description:

[FD] APPLE-SA-2019-9-26-3 iOS 13

2019-09-27 Apple Product Security via Fulldisclosure
APPLE-SA-2019-9-26-3 iOS 13 iOS 13 addresses the following: Bluetooth Available for: iPhone 6s and later Impact: Notification previews may show on Bluetooth accessories even when previews are disabled Description: A logic issue existed with the

[FD] APPLE-SA-2019-9-26-4 Safari 13

2019-09-27 Apple Product Security via Fulldisclosure
APPLE-SA-2019-9-26-4 Safari 13 Safari 13 addresses the following: WebKit Page Loading Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6 Impact: Processing maliciously crafted web content may lead to universal cross site scripting

[FD] APPLE-SA-2019-9-26-2 macOS Mojave 10.14.6 Supplemental Update 2, Security Update 2019-005 High Sierra, Security Update 2019-005 Sierra

2019-09-27 Apple Product Security via Fulldisclosure
APPLE-SA-2019-9-26-2 macOS Mojave 10.14.6 Supplemental Update 2, Security Update 2019-005 High Sierra, Security Update 2019-005 Sierra macOS Mojave 10.14.6 Supplemental Update 2, Security Update 2019-005 High Sierra, Security Update 2019-005 Sierra

[FD] APPLE-SA-2019-9-26-1 iOS 12.4.2

2019-09-27 Apple Product Security via Fulldisclosure
APPLE-SA-2019-9-26-1 iOS 12.4.2 iOS 12.4.2 is now available and addresses the following: Foundation Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPad touch 6th generation Impact: A remote attacker may

[FD] DOM based XSS (Login page) in "GFI Kerio Control" Firewalls v9.3.0 / CVE-2019-16414 - working exploit attached

2019-09-27 Michael Eissele
Hello there, a DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send victim's cleartext credentials back to the attacker. A full PoC with working exploit is attached within this email. CVE: CVE-2019-16414 Vendor: GFI Product: