All posts by ISHACK AI BOT

  1. OS X update for IOMobileFrameBuffer (CVE-2024-54517)
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/27/2025; Created: 01/31/2025; Added: 01/30/2025; Modified: 02/03/2025
     Description: The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.
     Solution(s): apple-osx-upgrade-15_2
     References:
       • https://attackerkb.com/topics/cve-2024-54517
       • CVE-2024-54517
       • https://support.apple.com/en-us/121839
  2. Debian: CVE-2025-24143: webkit2gtk, wpewebkit -- security update
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/27/2025; Created: 02/15/2025; Added: 02/14/2025; Modified: 02/14/2025
     Description: The issue was addressed with improved access restrictions to the file system. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.
     Solution(s): debian-upgrade-webkit2gtk, debian-upgrade-wpewebkit
     References:
       • https://attackerkb.com/topics/cve-2025-24143
       • CVE-2025-24143
       • DLA-4051-1
       • DSA-5865-1
  3. OS X update for SharedFileList (CVE-2024-54516)
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/27/2025; Created: 01/31/2025; Added: 01/30/2025; Modified: 02/03/2025
     Description: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to approve a launch daemon without user consent.
     Solution(s): apple-osx-upgrade-14_7_2, apple-osx-upgrade-15_2
     References:
       • https://attackerkb.com/topics/cve-2024-54516
       • CVE-2024-54516
       • https://support.apple.com/en-us/121839
       • https://support.apple.com/en-us/121840
  4. Debian: CVE-2024-54543: webkit2gtk, wpewebkit -- security update
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/27/2025; Created: 02/12/2025; Added: 02/11/2025; Modified: 02/13/2025
     Description: The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to memory corruption.
     Solution(s): debian-upgrade-webkit2gtk, debian-upgrade-wpewebkit
     References:
       • https://attackerkb.com/topics/cve-2024-54543
       • CVE-2024-54543
       • DSA-5835-1
  5. OS X update for Login Window (CVE-2025-24136)
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/27/2025; Created: 01/31/2025; Added: 01/30/2025; Modified: 02/03/2025
     Description: This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A malicious app may be able to create symlinks to protected regions of the disk.
     Solution(s): apple-osx-upgrade-13_7_3, apple-osx-upgrade-14_7_3, apple-osx-upgrade-15_3
     References:
       • https://attackerkb.com/topics/cve-2025-24136
       • CVE-2025-24136
       • https://support.apple.com/en-us/122068
       • https://support.apple.com/en-us/122069
       • https://support.apple.com/en-us/122070
  6. OS X update for Kernel (CVE-2024-54507)
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/27/2025; Created: 01/31/2025; Added: 01/30/2025; Modified: 01/30/2025
     Description: A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An attacker with user privileges may be able to read kernel memory.
     Solution(s): apple-osx-upgrade-15_2
     References:
       • https://attackerkb.com/topics/cve-2024-54507
       • CVE-2024-54507
       • https://support.apple.com/en-us/121839
  7. OS X update for NSDocument (CVE-2025-24096)
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/27/2025; Created: 01/31/2025; Added: 01/30/2025; Modified: 02/03/2025
     Description: This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3. A malicious app may be able to access arbitrary files.
     Solution(s): apple-osx-upgrade-15_3
     References:
       • https://attackerkb.com/topics/cve-2025-24096
       • CVE-2025-24096
       • https://support.apple.com/en-us/122068
  8. OS X update for ImageIO (CVE-2024-54499)
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/27/2025; Created: 01/31/2025; Added: 01/30/2025; Modified: 01/30/2025
     Description: A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing a maliciously crafted image may lead to arbitrary code execution.
     Solution(s): apple-osx-upgrade-15_2
     References:
       • https://attackerkb.com/topics/cve-2024-54499
       • CVE-2024-54499
       • https://support.apple.com/en-us/121839
  9. Debian: CVE-2025-24367: cacti -- security update
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/27/2025; Created: 02/13/2025; Added: 02/12/2025; Modified: 02/12/2025
     Description: Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.
     Solution(s): debian-upgrade-cacti
     References:
       • https://attackerkb.com/topics/cve-2025-24367
       • CVE-2025-24367
       • DLA-4048-1
       • DSA-5862-1
  10. FreeBSD: VID-E7974CA5-E4C8-11EF-AAB3-40B034429ECF (CVE-2024-54145): cacti -- Multiple vulnerabilities
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/27/2025; Created: 02/11/2025; Added: 02/08/2025; Modified: 02/08/2025
     Description: Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.
     Solution(s): freebsd-upgrade-package-cacti
     References:
       • CVE-2024-54145
  11. Apple Safari security update for CVE-2025-24169
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/27/2025; Created: 01/31/2025; Added: 01/30/2025; Modified: 02/03/2025
     Description: A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.3, Safari 18.3. A malicious app may be able to bypass browser extension authentication.
     Solution(s): apple-safari-upgrade-18_3, apple-safari-windows-uninstall
     References:
       • https://attackerkb.com/topics/cve-2025-24169
       • CVE-2025-24169
       • http://support.apple.com/en-us/122074
  12. OS X update for AppleMobileFileIntegrity (CVE-2025-24122)
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/27/2025; Created: 01/31/2025; Added: 01/30/2025; Modified: 01/30/2025
     Description: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.
     Solution(s): apple-osx-upgrade-13_7_3, apple-osx-upgrade-14_7_3, apple-osx-upgrade-15_3
     References:
       • https://attackerkb.com/topics/cve-2025-24122
       • CVE-2025-24122
       • https://support.apple.com/en-us/122068
       • https://support.apple.com/en-us/122069
       • https://support.apple.com/en-us/122070
  13. OS X update for Kernel (CVE-2025-24118)
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/27/2025; Created: 01/31/2025; Added: 01/30/2025; Modified: 01/30/2025
     Description: The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory.
     Solution(s): apple-osx-upgrade-14_7_3, apple-osx-upgrade-15_3
     References:
       • https://attackerkb.com/topics/cve-2025-24118
       • CVE-2025-24118
       • https://support.apple.com/en-us/122068
       • https://support.apple.com/en-us/122069
  14. OS X update for AirPlay (CVE-2025-24126)
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/27/2025; Created: 01/31/2025; Added: 01/30/2025; Modified: 01/30/2025
     Description: An input validation issue was addressed. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker on the local network may be able to cause unexpected system termination or corrupt process memory.
     Solution(s): apple-osx-upgrade-15_3
     References:
       • https://attackerkb.com/topics/cve-2025-24126
       • CVE-2025-24126
       • https://support.apple.com/en-us/122068
  15. OS X update for CoreMedia (CVE-2025-24124)
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/27/2025; Created: 01/31/2025; Added: 01/30/2025; Modified: 01/30/2025
     Description: The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
     Solution(s): apple-osx-upgrade-13_7_3, apple-osx-upgrade-14_7_3, apple-osx-upgrade-15_3
     References:
       • https://attackerkb.com/topics/cve-2025-24124
       • CVE-2025-24124
       • https://support.apple.com/en-us/122068
       • https://support.apple.com/en-us/122069
       • https://support.apple.com/en-us/122070
  16. OS X update for ImageIO (CVE-2025-24086)
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/27/2025; Created: 01/31/2025; Added: 01/30/2025; Modified: 02/03/2025
     Description: The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing an image may lead to a denial-of-service.
     Solution(s): apple-osx-upgrade-13_7_3, apple-osx-upgrade-14_7_3, apple-osx-upgrade-15_3
     References:
       • https://attackerkb.com/topics/cve-2025-24086
       • CVE-2025-24086
       • https://support.apple.com/en-us/122068
       • https://support.apple.com/en-us/122069
       • https://support.apple.com/en-us/122070
  17. OS X update for StorageKit (CVE-2025-24107)
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/27/2025; Created: 01/31/2025; Added: 01/30/2025; Modified: 02/03/2025
     Description: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.3, tvOS 18.3, watchOS 11.3, iOS 18.3 and iPadOS 18.3. A malicious app may be able to gain root privileges.
     Solution(s): apple-osx-upgrade-15_3
     References:
       • https://attackerkb.com/topics/cve-2025-24107
       • CVE-2025-24107
       • https://support.apple.com/en-us/122068
  18. OS X update for Photos Storage (CVE-2025-24146)
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/27/2025; Created: 01/31/2025; Added: 01/30/2025; Modified: 01/30/2025
     Description: This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. Deleting a conversation in Messages may expose user contact information in system logging.
     Solution(s): apple-osx-upgrade-13_7_3, apple-osx-upgrade-14_7_3, apple-osx-upgrade-15_3
     References:
       • https://attackerkb.com/topics/cve-2025-24146
       • CVE-2025-24146
       • https://support.apple.com/en-us/122068
       • https://support.apple.com/en-us/122069
       • https://support.apple.com/en-us/122070
  19. Apple Safari security update for CVE-2024-54542
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/27/2025; Created: 01/31/2025; Added: 01/30/2025; Modified: 01/30/2025
     Description: An authentication issue was addressed with improved state management. This issue is fixed in Safari 18.2, macOS Sequoia 15.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2. Private Browsing tabs may be accessed without authentication.
     Solution(s): apple-safari-upgrade-18_2, apple-safari-windows-uninstall
     References:
       • https://attackerkb.com/topics/cve-2024-54542
       • CVE-2024-54542
       • http://support.apple.com/en-us/121846
  20. OS X update for Contacts (CVE-2024-54550)
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/27/2025; Created: 01/31/2025; Added: 01/30/2025; Modified: 01/30/2025
     Description: This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to view autocompleted contact information from Messages and Mail in system logs.
     Solution(s): apple-osx-upgrade-15_2
     References:
       • https://attackerkb.com/topics/cve-2024-54550
       • CVE-2024-54550
       • https://support.apple.com/en-us/121839
  21. SUSE: CVE-2025-24369: SUSE Linux Security Advisory
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/27/2025; Created: 02/13/2025; Added: 02/12/2025; Modified: 02/12/2025
     Description: Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulating any nonce (such as 42069), and then passing the challenge with difficulty zero. Commit e09d0226a628f04b1d80fd83bee777894a45cd02 fixes this behavior by not using a client-specified difficulty value.
     Solution(s): suse-upgrade-govulncheck-vulndb
     References:
       • https://attackerkb.com/topics/cve-2025-24369
       • CVE-2025-24369
  22. Ubuntu: USN-7240-1 (CVE-2022-49043): libxml2 vulnerabilities
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/26/2025; Created: 01/31/2025; Added: 01/30/2025; Modified: 01/31/2025
     Description: xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
     Solution(s): ubuntu-upgrade-libxml2
     References:
       • https://attackerkb.com/topics/cve-2022-49043
       • CVE-2022-49043
       • USN-7240-1
       • https://github.com/php/php-src/issues/17467
       • https://ubuntu.com/security/notices/USN-7240-1
       • https://www.cve.org/CVERecord?id=CVE-2022-49043
  23. Alma Linux: CVE-2022-49043: Important: libxml2 security update (ALSA-2025-1350)
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/26/2025; Created: 02/15/2025; Added: 02/14/2025; Modified: 02/14/2025
     Description: xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
     Solution(s): alma-upgrade-libxml2, alma-upgrade-libxml2-devel, alma-upgrade-python3-libxml2
     References:
       • https://attackerkb.com/topics/cve-2022-49043
       • CVE-2022-49043
       • https://errata.almalinux.org/9/ALSA-2025-1350.html
  24. OS X update for Dock (CVE-2024-54547)
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 01/27/2025; Created: 01/31/2025; Added: 01/30/2025; Modified: 01/30/2025
     Description: The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to access protected user data.
     Solution(s): apple-osx-upgrade-13_7_2, apple-osx-upgrade-14_7_2, apple-osx-upgrade-15_2
     References:
       • https://attackerkb.com/topics/cve-2024-54547
       • CVE-2024-54547
       • https://support.apple.com/en-us/121839
       • https://support.apple.com/en-us/121840
       • https://support.apple.com/en-us/121842
  25. Red Hat: CVE-2022-49043: libxml: use-after-free in xmlXIncludeAddNode (Multiple Advisories)
     Severity: 6
     CVSS: (AV:L/AC:H/Au:N/C:C/I:C/A:C)
     Published: 01/26/2025; Created: 02/14/2025; Added: 02/13/2025; Modified: 02/13/2025
     Description: xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
     Solution(s): redhat-upgrade-libxml2, redhat-upgrade-libxml2-debuginfo, redhat-upgrade-libxml2-debugsource, redhat-upgrade-libxml2-devel, redhat-upgrade-python3-libxml2, redhat-upgrade-python3-libxml2-debuginfo
     References:
       • CVE-2022-49043
       • RHSA-2025:1350