[FD] APPLE-SA-2018-12-05-3 tvOS 12.1.1

2018-12-07 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-12-05-3 tvOS 12.1.1 tvOS 12.1.1 is now available and addresses the following: Airport Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to elevate privileges Description: A type

[FD] APPLE-SA-2018-12-05-4 Safari 12.0.2

2018-12-07 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-12-05-4 Safari 12.0.2 Safari 12.0.2 is now available and addresses the following: Safari Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14.1 Impact: Visiting a malicious website may lead to

[FD] APPLE-SA-2018-12-06-1 watchOS 5.1.2

2018-12-07 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-12-06-1 watchOS 5.1.2 watchOS 5.1.2 is now available and addresses the following: Airport Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A type confusion

[FD] APPLE-SA-2018-12-05-1 iOS 12.1.1

2018-12-07 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-12-05-1 iOS 12.1.1 iOS 12.1.1 is now available and addresses the following: Airport Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate

[FD] APPLE-SA-2018-12-05-5 iTunes 12.9.2 for Windows

2018-12-07 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-12-05-5 iTunes 12.9.2 for Windows iTunes 12.9.2 for Windows is now available and addresses the following: Safari Available for: Windows 7 and later Impact: Visiting a malicious website may lead to address bar spoofing Description: A

[FD] APPLE-SA-2018-12-05-6 iCloud for Windows 7.9

2018-12-07 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-12-05-6 iCloud for Windows 7.9 iCloud for Windows 7.9 is now available and addresses the following: Safari Available for: Windows 7 and later Impact: Visiting a malicious website may lead to address bar spoofing Description: A logic

[FD] APPLE-SA-2018-12-05-2 macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra

2018-12-07 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-12-05-2 macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra are now available and addresses the

[FD] APPLE-SA-2018-12-05-7 Shortcuts 2.1.2

2018-12-07 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-12-05-7 Shortcuts 2.1.2 Shortcuts 2.1.2 is now available and addresses the following: This update has no published CVE entries. We would like to acknowledge Micah A for their assistance. Installation note: Shortcuts 2.1.2 for iOS

[FD] APPLE-SA-2019-3-25-5 iTunes 12.9.4 for Windows

2019-03-26 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-3-25-5 iTunes 12.9.4 for Windows iTunes 12.9.4 for Windows is now available and addresses the following: CoreCrypto Available for: Windows 7 and later Impact: A malicious application may be able to elevate privileges Description: A

[FD] APPLE-SA-2019-3-25-6 iCloud for Windows 7.11

2019-03-26 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-3-25-6 iCloud for Windows 7.11 iCloud for Windows 7.11 is now available and addresses the following: CoreCrypto Available for: Windows 7 and later Impact: A malicious application may be able to elevate privileges Description: A

[FD] APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra

2019-03-26 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra are now available and addresses the

[FD] APPLE-SA-2019-3-25-7 Xcode 10.2

2019-03-26 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-3-25-7 Xcode 10.2 Xcode 10.2 is now available and addresses the following: Kernel Available for: macOS 10.13.6 or later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory

[FD] APPLE-SA-2019-3-25-4 Safari 12.1

2019-03-26 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-3-25-4 Safari 12.1 Safari 12.1 is now available and addresses the following: Safari Reader Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and Mojave 10.14.4 Impact: Enabling the Safari Reader feature on a maliciously

[FD] APPLE-SA-2019-3-25-3 tvOS 12.2

2019-03-26 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-3-25-3 tvOS 12.2 tvOS 12.2 is now available and addresses the following: CFString Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted string may lead to a denial of service Description: A

[FD] APPLE-SA-2019-3-25-1 iOS 12.2

2019-03-26 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-3-25-1 iOS 12.2 iOS 12.2 is now available and addresses the following: CFString Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to a

[FD] APPLE-SA-2019-3-27-1 watchOS 5.2

2019-03-29 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-3-27-1 watchOS 5.2 watchOS 5.2 is now available and addresses the following: CFString Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted string may lead to a denial of service Description: A

[FD] APPLE-SA-2019-2-07-1 iOS 12.1.4

2019-02-08 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-2-07-1 iOS 12.1.4 iOS 12.1.4 is now available and addresses the following: FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: The initiator of a Group FaceTime call may be able to

[FD] APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS

2019-02-08 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS Shortcuts 2.1.3 for iOS is now available and addresses the following: Shortcuts Available for: Shortcuts 2.1.2 for iOS Impact: A local user may be able to view senstive user information Description: A

[FD] APPLE-SA-2019-2-07-2 macOS Mojave 10.14.3 Supplemental Update

2019-02-08 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-2-07-2 macOS Mojave 10.14.3 Supplemental Update macOS Mojave 10.14.3 Supplemental Update is now available and addresses the following: FaceTime Available for: macOS Mojave 10.14.3 Impact: The initiator of a Group FaceTime call may be

[FD] APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra

2019-01-25 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra are now available and addresses the

[FD] APPLE-SA-2019-1-22-5 Safari 12.0.3

2019-01-25 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-1-22-5 Safari 12.0.3 Safari 12.0.3 is now available and addresses the following: Safari Reader Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14.3 Impact: Processing maliciously crafted web

[FD] APPLE-SA-2019-1-22-6 iCloud for Windows 7.10

2019-01-25 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-1-22-6 iCloud for Windows 7.10 iCloud for Windows 7.10 is now available and addresses the following: SQLite Available for: Windows 7 and later Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description:

[FD] APPLE-SA-2019-1-22-1 iOS 12.1.3

2019-01-25 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-1-22-1 iOS 12.1.3 iOS 12.1.3 is now available and addresses the following: AppleKeyStore Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent

[FD] APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows

2019-01-25 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows iTunes 12.9.3 for Windows is now available and addresses the following: AppleKeyStore Available for: Windows 7 and later Impact: A sandboxed process may be able to circumvent sandbox restrictions

[FD] APPLE-SA-2019-1-22-4 tvOS 12.1.2

2019-01-25 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-1-22-4 tvOS 12.1.2 tvOS 12.1.2 is now available and addresses the following: AppleKeyStore Available for: Apple TV 4K and Apple TV (4th generation) Impact: A sandboxed process may be able to circumvent sandbox restrictions

[FD] APPLE-SA-2019-1-22-3 watchOS 5.1.3

2019-01-25 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-1-22-3 watchOS 5.1.3 watchOS 5.1.3 is now available and addresses the following: AppleKeyStore Available for: All Apple Watch models Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A memory

[FD] APPLE-SA-2019-5-28-2 iCloud for Windows 7.12

2019-05-29 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-5-28-2 iCloud for Windows 7.12 iCloud for Windows 7.12 is now available and addresses the following: SQLite Available for: Windows 7 and later Impact: An application may be able to gain elevated privileges Description: An input

[FD] APPLE-SA-2019-5-28-1 iTunes for Windows 12.9.5

2019-05-29 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-5-28-1 iTunes for Windows 12.9.5 iTunes for Windows 12.9.5 is now available and addresses the following: SQLite Available for: Windows 7 and later Impact: An application may be able to gain elevated privileges Description: An input

[FD] APPLE-SA-2019-5-30-1 AirPort Base Station Firmware Update 7.9.1

2019-06-11 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-5-30-1 AirPort Base Station Firmware Update 7.9.1 AirPort Base Station Firmware Update 7.9.1 is now available and addresses the following: AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base

[FD] APPLE-SA-2019-6-20-1 AirPort Base Station Firmware Update 7.8.1

2019-06-24 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-6-20-1 AirPort Base Station Firmware Update 7.8.1 AirPort Base Station Firmware Update 7.8.1 is now available and addresses the following: AirPort Base Station Firmware Available for: AirPort Express, AirPort Extreme, and AirPort

[FD] APPLE-SA-2019-5-13-4 watchOS 5.2.1

2019-05-13 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-5-13-4 watchOS 5.2.1 watchOS 5.2.1 is now available and addresses the following: AppleFileConduit Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with system privileges

[FD] APPLE-SA-2019-5-13-5 Safari 12.1.1

2019-05-13 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-5-13-5 Safari 12.1.1 Safari 12.1.1 is now available and addresses the following: WebKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and included in macOS Mojave 10.14.5 Impact: Processing maliciously crafted web

[FD] APPLE-SA-2019-5-13-1 iOS 12.3

2019-05-13 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-5-13-1 iOS 12.3 iOS 12.3 is now available and addresses the following: AppleFileConduit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary

[FD] APPLE-SA-2019-5-13-3 tvOS 12.3

2019-05-13 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-5-13-3 tvOS 12.3 tvOS 12.3 is now available and addresses the following: AppleFileConduit Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with system privileges Description: A

[FD] APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra

2019-05-13 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra are now available and addresses the

[FD] APPLE-SA-2019-5-13-6 Apple TV Software 7.3

2019-05-13 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-5-13-6 Apple TV Software 7.3 Apple TV Software 7.3 is now available and addresses the following: Bluetooth Available for: Apple TV (3rd generation) Impact: A remote attacker may cause an unexpected application termination or

[FD] APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3

2019-08-16 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3 watchOS 5.3 addresses the following: Bluetooth Available for: Apple Watch Series 1 and later Impact: An attacker in a privileged network position may be able to

[FD] APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra

2019-08-16 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004

[FD] APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4

2019-08-16 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4 tvOS 12.4 addresses the following: Bluetooth Available for: Apple TV 4K and Apple TV HD Impact: An attacker in a privileged network position may be able to intercept

[FD] APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4

2019-08-16 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4 iOS 12.4 addresses the following: Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: An attacker in a

[FD] APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0

2019-08-16 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0 SwiftNIO HTTP/2 1.5.0 is now available and addresses the following: SwiftNIO HTTP/2 Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on macOS Sierra 10.12 and later and Ubuntu 14.04 and later Impact: A

[FD] APPLE-SA-2019-7-22-5 tvOS 12.4

2019-07-23 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-7-22-5 tvOS 12.4 tvOS 12.4 is now available and addresses the following: Core Data Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with

[FD] APPLE-SA-2019-7-22-4 watchOS 5.3

2019-07-23 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-7-22-4 watchOS 5.3 watchOS 5.3 is now available and addresses the following: Core Data Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was

[FD] APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra

2019-07-23 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra are now available and address the

[FD] APPLE-SA-2019-7-22-3 Safari 12.1.2

2019-07-23 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-7-22-3 Safari 12.1.2 Safari 12.1.2 is now available and addresses the following: Safari Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and included in macOS Mojave 10.14.6 Impact: Visiting a malicious website may

[FD] APPLE-SA-2019-7-22-1 iOS 12.4

2019-07-23 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-7-22-1 iOS 12.4 iOS 12.4 is now available and addresses the following: Core Data Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A remote attacker may be able to leak memory

[FD] APPLE-SA-2019-7-23-3 iCloud for Windows 10.6

2019-07-26 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6 iCloud for Windows 10.6 is now available and addresses the following: libxslt Available for: Windows 10 and later via the Microsoft Store Impact: A remote attacker may be able to view sensitive

[FD] APPLE-SA-2019-7-23-1 iCloud for Windows 7.13

2019-07-26 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13 iCloud for Windows 7.13 is now available and addresses the following: libxslt Available for: Windows 7 and later Impact: A remote attacker may be able to view sensitive information Description: A stack

[FD] APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6

2019-07-26 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6 iTunes for Windows 12.9.6 is now available and addresses the following: libxslt Available for: Windows 7 and later Impact: A remote attacker may be able to view sensitive information Description: A

[FD] APPLE-SA-2019-9-26-3 iOS 13

2019-09-27 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-9-26-3 iOS 13 iOS 13 addresses the following: Bluetooth Available for: iPhone 6s and later Impact: Notification previews may show on Bluetooth accessories even when previews are disabled Description: A logic issue existed with the

[FD] APPLE-SA-2019-9-26-5 watchOS 6

2019-09-27 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-9-26-5 watchOS 6 watchOS 6 addresses the following: Foundation Available for: Apple Watch Series 3 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description:

[FD] APPLE-SA-2019-9-26-6 tvOS 13

2019-09-27 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-9-26-6 tvOS 13 tvOS 13 addresses the following: Keyboards Available for: Apple TV 4K and Apple TV HD Impact: A local user may be able to leak sensitive user information Description: An authentication issue was addressed with improved

[FD] APPLE-SA-2019-9-26-9 Safari 13.0.1

2019-09-27 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-9-26-9 Safari 13.0.1 Safari 13.0.1 addresses the following: Safari Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6 Impact: Visiting a malicious website may lead to user interface spoofing Description: An inconsistent

[FD] APPLE-SA-2019-9-26-1 iOS 12.4.2

2019-09-27 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-9-26-1 iOS 12.4.2 iOS 12.4.2 is now available and addresses the following: Foundation Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPad touch 6th generation Impact: A remote attacker may

[FD] APPLE-SA-2019-9-26-8 iOS 13.1 and iPadOS 13.1

2019-09-27 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-9-26-8 iOS 13.1 and iPadOS 13.1 iOS 13.1 and iPadOS 13.1 address the following: VoiceOver Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A person with physical

[FD] APPLE-SA-2019-9-26-2 macOS Mojave 10.14.6 Supplemental Update 2, Security Update 2019-005 High Sierra, Security Update 2019-005 Sierra

2019-09-27 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-9-26-2 macOS Mojave 10.14.6 Supplemental Update 2, Security Update 2019-005 High Sierra, Security Update 2019-005 Sierra macOS Mojave 10.14.6 Supplemental Update 2, Security Update 2019-005 High Sierra, Security Update 2019-005 Sierra

[FD] APPLE-SA-2019-9-26-4 Safari 13

2019-09-27 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-9-26-4 Safari 13 Safari 13 addresses the following: WebKit Page Loading Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6 Impact: Processing maliciously crafted web content may lead to universal cross site scripting

[FD] APPLE-SA-2019-9-26-7 Xcode 11.0

2019-09-27 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-9-26-7 Xcode 11.0 Xcode 11.0 addresses the following: IDE SCM Available for: macOS Mojave 10.14.4 and later Impact: Multiple issues in libssh2 Description: Multiple issues were addressed by updating to version 2.16. CVE-2019-3855:

[FD] APPLE-SA-2019-9-27-1 iOS 13.1.1 and iPadOS 13.1.1

2019-10-01 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-9-27-1 iOS 13.1.1 and iPadOS 13.1.1 iOS 13.1.1 and iPadOS 13.1.1 are now available and address the following: Sandbox Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

[FD] APPLE-SA-2019-11-01-1 Xcode 11.2

2019-11-04 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-11-01-1 Xcode 11.2 Xcode 11.2 addresses the following: llvm Available for: macOS Mojave 10.14.4 and later Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was

[FD] APPLE-SA-2019-10-29-7 Additional information for APPLE-SA-2019-9-26-4 Safari 13

2019-10-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-29-7 Additional information for APPLE-SA-2019-9-26-4 Safari 13 Safari 13 addresses the following: WebKit Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6 Impact: Processing maliciously crafted web content may lead

[FD] APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15

2019-10-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15 macOS Catalina 10.15 addresses the following: AMD Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012

[FD] APPLE-SA-2019-10-29-4 watchOS 6.1

2019-10-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-29-4 watchOS 6.1 watchOS 6.1 is now available and addresses the following: Accounts Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was

[FD] APPLE-SA-2019-10-29-3 tvOS 13.2

2019-10-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-29-3 tvOS 13.2 tvOS 13.2 is now available and addresses the following: Accounts Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with

[FD] APPLE-SA-2019-10-29-6 Additional information for APPLE-SA-2019-9-26-3 iOS 13

2019-10-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-29-6 Additional information for APPLE-SA-2019-9-26-3 iOS 13 iOS 13 addresses the following: Bluetooth Available for: iPhone 6s and later Impact: Notification previews may show on Bluetooth accessories even when previews are

[FD] APPLE-SA-2019-10-29-11 Additional information for APPLE-SA-2019-9-26-8 iOS 13.1 and iPadOS 13.1

2019-10-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-29-11 Additional information for APPLE-SA-2019-9-26-8 iOS 13.1 and iPadOS 13.1 iOS 13.1 and iPadOS 13.1 address the following: AppleFirmwareUpdateKext Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and

[FD] APPLE-SA-2019-10-29-2 macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra

2019-10-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-29-2 macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra are now available and address the

[FD] APPLE-SA-2019-10-29-8 Additional information for APPLE-SA-2019-9-26-5 watchOS 6

2019-10-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-29-8 Additional information for APPLE-SA-2019-9-26-5 watchOS 6 watchOS 6 addresses the following: Audio Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code

[FD] APPLE-SA-2019-10-29-5 Safari 13.0.3

2019-10-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-29-5 Safari 13.0.3 Safari 13.0.3 is now available and addresses the following: WebKit Available for: macOS Mojave 10.14.6 and macOS High Sierra 10.13.6, and included in macOS Catalina 10.15.1 Impact: Processing maliciously crafted

[FD] APPLE-SA-2019-10-29-1 iOS 13.2 and iPadOS 13.2

2019-10-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-29-1 iOS 13.2 and iPadOS 13.2 iOS 13.2 and iPadOS 13.2 are now available and address the following: Accounts Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A

[FD] APPLE-SA-2019-10-29-9 Additional information for APPLE-SA-2019-9-26-6 tvOS 13

2019-10-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-29-9 Additional information for APPLE-SA-2019-9-26-6 tvOS 13 tvOS 13 addresses the following: AppleFirmwareUpdateKext Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with

[FD] APPLE-SA-2019-12-10-7 Xcode 11.3

2019-12-13 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-12-10-7 Xcode 11.3 Xcode 11.3 is now available and addresses the following: ld64 Available for: macOS Mojave 10.14.4 and later Impact: Compiling with untrusted sources may lead to arbitrary code execution with user privileges

[FD] APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3

2019-12-13 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3 iOS 13.3 and iPadOS 13.3 is now available and addresses the following: CallKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact:

[FD] APPLE-SA-2019-12-10-4 watchOS 5.3.4

2019-12-13 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-12-10-4 watchOS 5.3.4 watchOS 5.3.4 is now available and addresses the following: FaceTime Available for: Apple Watch Series 1, Apple Watch Series 2, Apple Watch Series 3, and Apple Watch Series 4 when paired to a device with iOS 12

[FD] APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra

2019-12-13 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra is now available and addresses the

[FD] APPLE-SA-2019-12-10-5 tvOS 13.3

2019-12-13 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-12-10-5 tvOS 13.3 tvOS 13.3 is now available and addresses the following: CFNetwork Proxies Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to gain elevated privileges Description: This issue was

[FD] APPLE-SA-2019-12-10-2 iOS 12.4.4

2019-12-13 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-12-10-2 iOS 12.4.4 iOS 12.4.4 is now available and addresses the following: FaceTime Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch 6th generation Impact: Processing malicious

[FD] APPLE-SA-2019-12-10-6 Safari 13.0.4

2019-12-13 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-12-10-6 Safari 13.0.4 Safari 13.0.4 is now available and addresses the following: WebKit Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: Processing maliciously crafted web content may lead to

[FD] APPLE-SA-2019-12-10-8 watchOS 6.1.1

2019-12-13 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-12-10-8 watchOS 6.1.1 watchOS 6.1.1 is now available and addresses the following: CallKit Available for: Apple Watch Series 1 and later Impact: Calls made using Siri may be initiated using the wrong cellular plan on devices with two

[FD] APPLE-SA-2019-10-11-1 Swift 5.1.1 for Ubuntu

2019-10-16 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-11-1 Swift 5.1.1 for Ubuntu Swift 5.1.1 for Ubuntu is now available and addresses the following: Foundation Available for: Ubuntu 14.04, 16.04 and 18.04 Impact: Incorrect management of file descriptors in URLSession could lead to

[FD] APPLE-SA-2019-10-07-3 iCloud for Windows 10.7

2019-10-08 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-07-3 iCloud for Windows 10.7 iCloud for Windows 10.7 is now available and addresses the following: UIFoundation Available for: Windows 10 and later via the Microsoft Store Impact: Processing a maliciously crafted text file may

[FD] APPLE-SA-2019-10-07-1 macOS Catalina 10.15

2019-10-08 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-07-1 macOS Catalina 10.15 macOS Catalina 10.15 is now available and addresses the following: AMD Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late

[FD] APPLE-SA-2019-10-07-2 iTunes for Windows 12.10.1

2019-10-08 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-07-2 iTunes for Windows 12.10.1 iTunes for Windows 12.10.1 is now available and addresses the following: UIFoundation Available for: Windows 7 and later Impact: Processing a maliciously crafted text file may lead to arbitrary code

[FD] APPLE-SA-2019-10-07-4 iCloud for Windows 7.14

2019-10-08 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-10-07-4 iCloud for Windows 7.14 iCloud for Windows 7.14 is now available and addresses the following: UIFoundation Available for: Windows 7 and later Impact: Processing a maliciously crafted text file may lead to arbitrary code

[FD] APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra

2020-01-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra macOS Catalina 10.15.3, Security Update 2020-001 Mojave, and Security Update 2020-001 High Sierra are now available and address the

[FD] APPLE-SA-2020-1-28-3 watchOS 6.1.2

2020-01-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-1-28-3 watchOS 6.1.2 watchOS 6.1.2 is now available and addresses the following: AnnotationKit Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause unexpected application termination or

[FD] APPLE-SA-2020-1-28-5 Safari 13.0.5

2020-01-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-1-28-5 Safari 13.0.5 Safari 13.0.5 is now available and addresses the following: Safari Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: Visiting a malicious website may lead to address bar

[FD] APPLE-SA-2020-1-28-4 tvOS 13.3.1

2020-01-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-1-28-4 tvOS 13.3.1 tvOS 13.3.1 is now available and addresses the following: Audio Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with system privileges Description: A memory

[FD] APPLE-SA-2020-1-28-6 iTunes for Windows 12.10.4

2020-01-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-1-28-6 iTunes for Windows 12.10.4 iTunes for Windows 12.10.4 is now available and addresses the following: Mobile Device Service Available for: Windows 7 and later Impact: A user may gain access to protected parts of the file system

[FD] APPLE-SA-2020-1-29-1 iCloud for Windows 7.17

2020-01-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-1-29-1 iCloud for Windows 7.17 iCloud for Windows 7.17 addresses the following: ImageIO Available for: Windows 7 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An

[FD] APPLE-SA-2020-1-28-1 iOS 13.3.1 and iPadOS 13.3.1

2020-01-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-1-28-1 iOS 13.3.1 and iPadOS 13.3.1 iOS 13.3.1 and iPadOS 13.3.1 are now available and address the following: Audio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

[FD] APPLE-SA-2020-1-29-2 iCloud for Windows 10.9.2

2020-01-31 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-1-29-2 iCloud for Windows 10.9.2 iCloud for Windows 10.9.2 is now available and addresses the following: ImageIO Available for: Windows 10 and later via the Microsoft Store Impact: Processing a maliciously crafted image may lead to

[FD] APPLE-SA-2020-03-25-1 iCloud for Windows 10.9.3

2020-03-27 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-03-25-1 iCloud for Windows 10.9.3 iCloud for Windows 10.9.3 is now available and addresses the following: libxml2 Available for: Windows 10 and later via the Microsoft Store Impact: Multiple issues in libxml2 Description: A buffer

[FD] APPLE-SA-2020-03-25-2 iCloud for Windows 7.18

2020-03-27 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-03-25-2 iCloud for Windows 7.18 iCloud for Windows 7.18 is now available and addresses the following: libxml2 Available for: Windows 7 and later Impact: Multiple issues in libxml2 Description: A buffer overflow was addressed with

[FD] APPLE-SA-2020-03-24-1 iOS 13.4 and iPadOS 13.4

2020-03-24 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-03-24-1 iOS 13.4 and iPadOS 13.4 iOS 13.4 and iPadOS 13.4 are now available and address the following: ActionKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact:

[FD] APPLE-SA-2020-03-24-4 watchOS 6.2

2020-03-24 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-03-24-4 watchOS 6.2 watchOS 6.2 is now available and addresses the following: ActionKit Available for: Apple Watch Series 1 and later Impact: An application may be able to use an SSH client provided by private frameworks Description:

[FD] APPLE-SA-2020-03-24-7 Xcode 11.4

2020-03-24 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-03-24-7 Xcode 11.4 Xcode 11.4 is now available and contains security improvements. Additional recognition ld64 We would like to acknowledge an anonymous researcher for their assistance. Installation note: Xcode 11.4 may be

[FD] APPLE-SA-2020-03-24-3 tvOS 13.4

2020-03-24 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-03-24-3 tvOS 13.4 tvOS 13.4 is now available and addresses the following: ActionKit Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to use an SSH client provided by private frameworks Description: This

[FD] APPLE-SA-2020-03-24-6 iTunes for Windows 12.10.5

2020-03-24 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-03-24-6 iTunes for Windows 12.10.5 iTunes for Windows 12.10.5 is now available and addresses the following: libxml2 Available for: Windows 7 and later Impact: Multiple issues in libxml2 Description: A buffer overflow was addressed

[FD] APPLE-SA-2020-03-24-5 Safari 13.1

2020-03-24 Thread Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-03-24-5 Safari 13.1 Safari 13.1 is now available and addresses the following: Safari Downloads Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: A malicious iframe may use another website’s

  1   2   >