Ltd.ĬVE-2023-32441: Peter Nguyễn Vũ Hoàng of STAR Labs SG Pte. Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memoryĭescription: A buffer overflow issue was addressed with improved memory handling.ĭescription: A use-after-free issue was addressed with improved memory management.ĬVE-2023-38598: Mohamed GHANNAM added July 27, 2023ĭescription: An integer overflow was addressed with improved input validation.ĭescription: An out-of-bounds read was addressed with improved bounds checking.ĬVE-2023-37285: Arsenii Kostromin (0x3c3e)ĭescription: An out-of-bounds write issue was addressed with improved input validation.ĬVE-2023-32734: Pan ZhenPeng of STAR Labs SG Pte. Impact: Processing a file may lead to unexpected app termination or arbitrary code executionĭescription: The issue was addressed with improved checks.ĬVE-2023-32418: Bool of YunShangHuaAn(云上华安)ĬVE-2023-36854: Bool of YunShangHuaAn(云上华安) Impact: An app may be able to read sensitive location informationĬVE-2023-32416: Wojciech Regula of SecuRing (wojciechregula.blog) Impact: A user in a privileged network position may be able to leak sensitive informationĭescription: A logic issue was addressed with improved state management.ĭescription: Multiple issues were addressed by updating curl. Impact: An app may be able to modify protected parts of the file systemĭescription: This issue was addressed with improved data protection.ĬVE-2023-35983: Mickey Jin for: macOS Ventura Impact: A sandboxed process may be able to circumvent sandbox restrictionsĭescription: A logic issue was addressed with improved restrictions.ĬVE-2023-32364: Gergely Kalman for: macOS Ventura Impact: An app may be able to determine a user’s current locationĭescription: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions.ĬVE-2023-36862: Mickey Jin for: macOS Ventura In those cases, an attacker can achieve elevation of privilege, denial of service, or remote code execution by way of a poisoned document file.Impact: An app may be able to execute arbitrary code with kernel privilegesĭescription: The issue was addressed with improved memory handling.ĬVE-2023-34425: pattern-f of Ant Security Light-Year LabĬVE-2023-38580: Mohamed GHANNAM for: macOS Ventura Meanwhile, Adobe posted multiple software updates of its own, most notably a fix for Reader that patches 16 flaws rated as Critical security risks. Those 10 flaws include three type confusion flaws in V8, a heap buffer overflow in Visuals, out of bounds read flaws in WebGL and ANGLE, and use after free flaws in Blink Task Scheduling, Cas, and WebRTC.Īdministrators and PC owners are advised to test and install the patches as soon as possible, especially given that the Black Hat and Defcon security conferences are set to kick off, meaning the infosec and hacking worlds are set to be particularly active. Of the remaining flaws, all but 10 were deemed "important" security risks, the designation Microsoft normally reserves for bugs that require users to open files for an exploit to occur. The Stackasked Microsoft for clarification on the bug in question but had not heard back from the company at the time of publication. There’s clearly something that makes this bug stand out, but Microsoft offers no clues as to what that may be." "The exception is when the Preview Pane is an attack vector, but that’s not documented here. "This is a bit odd since these types of open-and-own bugs are typically rated Important due to the needed user interaction," Childs writes. Of the six bugs rated as "critical" three were found to be in the Windows Message service ( CVE-2023-35385, CVE-2023-36910, CVE-2023-36911) while the remaining three were split between a pair of teams flaws ( CVE-2023-29328, CVE-2023-29330) and one flaw in Outlook ( CVE-2023-36895) that caught the eye of researchers.Ĭhilds noted that the Outlook flaw stuck out in particular because it is rare for a file-based vulnerability (which requires user interaction) does not normally fit Microsoft's definition of a "critical" vulnerability. "This volume of fixes is the highest we’ve seen in the last few years, although it’s not unusual to see Microsoft ship a large number of patches right before the Black Hat USA conference," noted Dustin Childs of the Trend Micro Zero Day Initiative. The software giant said that of the 86 CVE-listed vulnerabilities it was addressing in its various products an services, six should be considered 'critical' vulnerabilities though none are listed as being exploited in the wild. Microsoft has shipped fixes for 86 security vulnerabilities in its August 2023 Patch Tuesday release.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |