[FD] APPLE-SA-2019-10-29-3 tvOS 13.2

2019-10-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-29-3 tvOS 13.2 tvOS 13.2 is now available and addresses the following: Accounts Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with

[FD] APPLE-SA-2019-10-29-11 Additional information for APPLE-SA-2019-9-26-8 iOS 13.1 and iPadOS 13.1

2019-10-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-29-11 Additional information for APPLE-SA-2019-9-26-8 iOS 13.1 and iPadOS 13.1 iOS 13.1 and iPadOS 13.1 address the following: AppleFirmwareUpdateKext Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and

[FD] APPLE-SA-2019-10-29-2 macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra

2019-10-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-29-2 macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra are now available and address the

[FD] APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15

2019-10-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15 macOS Catalina 10.15 addresses the following: AMD Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012

[FD] APPLE-SA-2019-10-29-4 watchOS 6.1

2019-10-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-29-4 watchOS 6.1 watchOS 6.1 is now available and addresses the following: Accounts Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was

[FD] APPLE-SA-2019-10-29-8 Additional information for APPLE-SA-2019-9-26-5 watchOS 6

2019-10-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-29-8 Additional information for APPLE-SA-2019-9-26-5 watchOS 6 watchOS 6 addresses the following: Audio Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code

[FD] APPLE-SA-2019-10-29-6 Additional information for APPLE-SA-2019-9-26-3 iOS 13

2019-10-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-29-6 Additional information for APPLE-SA-2019-9-26-3 iOS 13 iOS 13 addresses the following: Bluetooth Available for: iPhone 6s and later Impact: Notification previews may show on Bluetooth accessories even when previews are

[FD] APPLE-SA-2019-10-29-9 Additional information for APPLE-SA-2019-9-26-6 tvOS 13

2019-10-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-29-9 Additional information for APPLE-SA-2019-9-26-6 tvOS 13 tvOS 13 addresses the following: AppleFirmwareUpdateKext Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with

[FD] APPLE-SA-2019-10-29-5 Safari 13.0.3

2019-10-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-29-5 Safari 13.0.3 Safari 13.0.3 is now available and addresses the following: WebKit Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6, and included in macOS Catalina 10.15.1 Impact: Processing maliciously crafted

[FD] APPLE-SA-2019-10-29-1 iOS 13.2 and iPadOS 13.2

2019-10-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-29-1 iOS 13.2 and iPadOS 13.2 iOS 13.2 and iPadOS 13.2 are now available and address the following: Accounts Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A

[FD] APPLE-SA-2019-10-29-7 Additional information for APPLE-SA-2019-9-26-4 Safari 13

2019-10-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-29-7 Additional information for APPLE-SA-2019-9-26-4 Safari 13 Safari 13 addresses the following: WebKit Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6 Impact: Processing maliciously crafted web content may lead

[FD] RootedCON 2020 Call For Papers is open!

2019-10-31 Thread omarbv
__ _ _ ___ _ _ / / _ \ ___ ___ | |_ ___ __| |/ ___/ _ \| \ | | / /| |_) / _ \ / _ \| __/ _ \/ _` | | | | | | \| | / / | _ < (_) | (_) | || __/ (_| | |__| |_| | |\ | /_/ |_| \_\___/ \___/ \__\___|\__,_|\\___/|_| \_|

[FD] SEC Consult SA-20191029-0 :: Authentication Bypass in eIDAS-Node (European #eGovernment cross-border authentication)

2019-10-31 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20191029-0 > === title: Authentication Bypass product: eIDAS-Node vulnerable version: <=v2.3 (v2.1 vulnerability #2) fixed version: v2.3.1

[FD] [RT-SA-2019-014] Unauthenticated Access to Modbus Interface in Carel pCOWeb HVAC

2019-10-31 Thread RedTeam Pentesting GmbH
Advisory: Unauthenticated Access to Modbus Interface in Carel pCOWeb HVAC As part of it's features, the Carel pCOWeb card exposes a Modbus interface to the network. By design, Modbus does not provide authentication, allowing to control the affected system. Details === Product: HVAC units

[FD] [RT-SA-2019-013] Unsafe Storage of Credentials in Carel pCOWeb HVAC

2019-10-31 Thread RedTeam Pentesting GmbH
Advisory: Unsafe Storage of Credentials in Carel pCOWeb HVAC The Carel pCOWeb card stores password hashes in the file "/etc/passwd", allowing privilege escalation by authenticated users. Additionally, plaintext copies of the passwords are stored. Details === Product: HVAC units using the