Sign-up

VARIoT news about IoT security

2023 Apple & iOS Vulnerabilities from CISA (Quick Reference)

Related entries in the VARIoT vulnerabilities database: VAR-202210-1624, VAR-202302-1097, VAR-202209-0759, VAR-202108-1164, VAR-202203-1579, VAR-201504-0081, VAR-201608-0186, VAR-201608-0188, VAR-201912-0546, VAR-202002-1163, VAR-202108-2057, VAR-202010-1228, VAR-201904-1459, VAR-202104-0612, VAR-201608-0187, VAR-201912-0480, VAR-201912-0613, VAR-202108-1137, VAR-201912-0473, VAR-202006-1646, VAR-202208-1294, VAR-202202-0109, VAR-201409-0487, VAR-201912-0474, VAR-202201-0561, VAR-202208-1345, VAR-202203-1580, VAR-202212-1751, VAR-202108-2051

Trust: 5.5

Fetched: Jan. 28, 2024, 9:28 a.m., Published: Jan. 28, 2023, midnight
 Vulnerabilities: memory corruption, input validation vulnerability, information disclosure...
Affected productsExternal IDs
vendor: apple model: apple tv
vendor: apple model: watchos
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: tvos
vendor: apple model: macos
db: NVD ids: CVE-2022-42827, CVE-2023-23529, CVE-2022-32917, CVE-2023-32409, CVE-2021-31010, CVE-2023-41064, CVE-2022-22674, CVE-2015-1130, CVE-2016-4655, CVE-2016-4657, CVE-2023-41991, CVE-2019-8526, CVE-2023-42824, CVE-2023-32434, CVE-2023-32435, CVE-2023-28205, CVE-2020-3837, CVE-2021-30883, CVE-2020-9907, CVE-2018-4344, CVE-2023-28206, CVE-2021-1789, CVE-2023-37450, CVE-2023-32439, CVE-2016-4656, CVE-2023-41061, CVE-2019-8506, CVE-2023-28204, CVE-2023-38606, CVE-2019-8605, CVE-2021-30983, CVE-2023-41992, CVE-2019-7286, CVE-2023-41993, CVE-2020-9859, CVE-2022-32894, CVE-2022-22620, CVE-2014-4404, CVE-2023-32373, CVE-2019-7287, CVE-2022-22587, CVE-2022-32893, CVE-2022-22675, CVE-2022-42856, CVE-2021-30900

The increase in vulnerabilities is the reason why device vulnerability management is important

Trust: 3.75

Fetched: Jan. 28, 2024, 9:27 a.m., Published: Dec. 11, 2022, 11:30 p.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs

Kaspersky unknown hardware 'feature' used in iPhone attacks • The Register

Trust: 4.75

Fetched: Jan. 28, 2024, 9:17 a.m., Published: -
 Vulnerabilities: feature bypass
Affected productsExternal IDs
vendor: apple model: iphone
db: NVD ids: CVE-2023-38606

CVE - Search Results

Related entries in the VARIoT vulnerabilities database: VAR-201703-0607, VAR-201903-0591, VAR-201708-0554, VAR-202208-0759, VAR-201311-0297

Trust: 5.25

Fetched: Jan. 28, 2024, 9:15 a.m., Published: Jan. 3, 2024, midnight
 Vulnerabilities: memory corruption, directory traversal, address corruption...
Affected productsExternal IDs
vendor: lenovo model: system
vendor: lenovo model: bios
vendor: lenovo model: desktop
vendor: hewlett packard enterprise model: moonshot
vendor: hewlett packard enterprise model: switches
vendor: hewlett packard enterprise model: integrity
vendor: hewlett packard model: moonshot
vendor: hewlett packard model: switches
vendor: hewlett packard model: integrity
vendor: cisco model: nx-os software
vendor: cisco model: guard
vendor: cisco model: nexus 9500
vendor: cisco model: series switches
vendor: cisco model: nexus
vendor: cisco model: 1000v
vendor: cisco model: nexus 7000
vendor: cisco model: cisco nexus 1000v switch
vendor: cisco model: cisco nx-os
vendor: cisco model: nexus 1000v switch
vendor: cisco model: nexus 3000
vendor: cisco model: nexus 1000v
vendor: cisco model: virtual security gateway
vendor: cisco model: nx-os
vendor: cisco model: series
db: NVD ids: CVE-2017-8707, CVE-2022-34696, CVE-2022-22713, CVE-2021-26416, CVE-2020-1040, CVE-2019-0715, CVE-2019-1310, CVE-2010-3960, CVE-2018-8439, CVE-2022-22712, CVE-2019-0712, CVE-2015-2534, CVE-2019-0714, CVE-2017-0179, CVE-2022-22008, CVE-2021-40461, CVE-2022-24490, CVE-2018-0888, CVE-2017-0180, CVE-2019-0550, CVE-2019-0928, CVE-2019-0721, CVE-2023-36908, CVE-2019-1309, CVE-2018-0965, CVE-2022-44682, CVE-2017-0097, CVE-2021-25140, CVE-2020-0751, CVE-2020-0617, CVE-2017-8714, CVE-2019-0551, CVE-2017-0109, CVE-2020-1243, CVE-2014-0148, CVE-2019-1398, CVE-2023-36407, CVE-2021-26867, CVE-2022-29106, CVE-2019-1254, CVE-2019-0723, CVE-2017-0095, CVE-2017-0184, CVE-2017-0178, CVE-2019-1599, CVE-2021-42274, CVE-2018-8437, CVE-2017-8712, CVE-2018-8219, CVE-2016-0090, CVE-2019-1470, CVE-2017-8704, CVE-2017-0182, CVE-2017-0051, CVE-2020-0909, CVE-2017-8664, CVE-2017-8706, CVE-2020-1032, CVE-2019-0710, CVE-2022-41094, CVE-2017-0099, CVE-2011-1872, CVE-2022-21847, CVE-2020-1043, CVE-2018-8490, CVE-2022-21900, CVE-2018-0957, CVE-2017-0212, CVE-2020-17040, CVE-2017-0096, CVE-2021-33758, CVE-2022-23257, CVE-2019-0720, CVE-2021-25139, CVE-2020-16891, CVE-2019-1471, CVE-2017-0162, CVE-2018-8434, CVE-2021-28476, CVE-2024-20700, CVE-2021-37841, CVE-2021-28314, CVE-2017-0163, CVE-2016-0089, CVE-2019-0709, CVE-2017-0169, CVE-2017-0098, CVE-2021-28444, CVE-2019-0695, CVE-2018-0959, CVE-2017-3753, CVE-2021-1692, CVE-2018-0961, CVE-2010-0026, CVE-2018-8218, CVE-2017-0074, CVE-2017-0075, CVE-2012-5532, CVE-2019-1397, CVE-2019-1230, CVE-2019-0711, CVE-2017-8713, CVE-2019-0722, CVE-2016-4440, CVE-2016-0088, CVE-2020-1036, CVE-2020-1080, CVE-2018-0885, CVE-2017-0183, CVE-2020-17095, CVE-2019-0886, CVE-2021-28441, CVE-2020-1041, CVE-2019-0718, CVE-2019-1399, CVE-2022-23268, CVE-2022-21975, CVE-2024-20699, CVE-2019-0635, CVE-2021-31977, CVE-2017-8711, CVE-2017-0021, CVE-2022-21901, CVE-2022-24537, CVE-2020-1042, CVE-2022-30223, CVE-2021-38672, CVE-2023-36427, CVE-2022-24539, CVE-2021-42284, CVE-2019-0966, CVE-2017-0185, CVE-2022-35751, CVE-2019-0965, CVE-2022-30163, CVE-2022-37979, CVE-2021-30178, CVE-2023-36406, CVE-2018-0964, CVE-2015-2361, CVE-2022-21905, CVE-2018-8435, CVE-2021-1691, CVE-2020-6102, CVE-2017-0168, CVE-2022-22042, CVE-2019-0713, CVE-2017-0076, CVE-2013-5556, CVE-2020-6100, CVE-2022-26783, CVE-2023-23411, CVE-2019-0719, CVE-2017-0193, CVE-2017-8623, CVE-2020-24623, CVE-2017-0181, CVE-2012-2669, CVE-2022-38015, CVE-2015-2362, CVE-2022-26785, CVE-2020-1047, CVE-2013-3898, CVE-2020-0904, CVE-2018-8489, CVE-2021-33755, CVE-2022-21995, CVE-2019-0690, CVE-2020-0917, CVE-2020-0918, CVE-2020-0910, CVE-2019-0620, CVE-2018-8438, CVE-2019-1389, CVE-2023-32013, CVE-2020-0661, CVE-2019-0717, CVE-2021-1704, CVE-2020-0890, CVE-2022-24466, CVE-2021-43246, CVE-2020-6101, CVE-2017-0186, CVE-2023-36408, CVE-2019-0701, CVE-2022-22009, CVE-2015-1647, CVE-2020-6103, CVE-2018-8436, CVE-2021-34450

High-Severity Flaws Uncovered in Bosch Thermostats and Smart Nutrunners

Trust: 4.75

Fetched: Jan. 28, 2024, 9:14 a.m., Published: Jan. 15, 2024, 8:16 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: bosch model: nexo
vendor: bosch model: iot gateway
db: NVD ids: CVE-2023-49722

Critical RCE Vulnerability in Cisco Unified Communications with Risk of Root Access (CVE-2024-20253) - SOCRadar® Cyber Intelligence Inc.

Trust: 6.0

Fetched: Jan. 28, 2024, 9:13 a.m., Published: Jan. 26, 2024, 11:48 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: unity connection
vendor: cisco model: unified communications manager im & presence service
vendor: cisco model: unified contact center express
vendor: cisco model: virtualized voice browser
vendor: cisco model: unity
vendor: cisco model: unified communications
vendor: cisco model: unified communications manager session management edition
vendor: cisco model: unified communications manager
db: NVD ids: CVE-2024-20253

Analysis of Ivanti 0-days, CVE-2023-46805 and CVE-2024-21887 - Atos

Trust: 4.5

Fetched: Jan. 28, 2024, 9:07 a.m., Published: Jan. 23, 2024, 4:52 p.m.
 Vulnerabilities: command execution, code injection, command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2023-46805, CVE-2024-21887

34 Windows Device Drivers Vulnerable to Exploits That Grant Full System Control | Tom's Hardware

Trust: 4.0

Fetched: Jan. 28, 2024, 9:07 a.m., Published: Nov. 3, 2023, 5:13 p.m.
 Vulnerabilities: control bypass
Affected productsExternal IDs
vendor: dell model: bios

PixieFail: Nine flaws in UEFI open-source reference implementation

Trust: 3.5

Fetched: Jan. 26, 2024, 10:05 a.m., Published: Jan. 18, 2024, 11:46 a.m.
 Vulnerabilities: buffer overflow, code execution, session hijacking
Affected productsExternal IDs
db: NVD ids: CVE-2023-45236, CVE-2023-45237, CVE-2023-45235, CVE-2023-45233, CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45234, CVE-2023-45232

Apple patches zero day affecting operating systems for devices, Macs | SC Media

Trust: 5.75

Fetched: Jan. 26, 2024, 9:53 a.m., Published: Jan. 23, 2024, 10:01 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: ipad air
vendor: google model: chrome
db: NVD ids: CVE-2024-23222, CVE-2024-23214, CVE-2024-0519, CVE-2024-23206

Distributed Energy Generation Gateway (In)Security - Security News - Trend Micro TH

Trust: 4.75

Fetched: Jan. 26, 2024, 9:53 a.m., Published: -
 Vulnerabilities: default password
Affected productsExternal IDs
vendor: enphase model: envoy
vendor: trend micro model: security
vendor: trend model: security

CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog - Security Affairs

Trust: 4.0

Fetched: Jan. 26, 2024, 9:53 a.m., Published: Jan. 25, 2024, 12:28 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-22527

System BIOS komputerów Dell Precision 7520 i 7720 | Szczegóły sterownika | Dell Polska

Trust: 3.0

Fetched: Jan. 26, 2024, 9:52 a.m., Published: Jan. 26, 7520, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios
vendor: dell model: precision 7520

Cisco Unified Communications Products Remote Code Execution Vulnerability

Trust: 3.75

Fetched: Jan. 26, 2024, 9:52 a.m., Published: Jan. 25, 2024, 5:40 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: unity
vendor: cisco model: unified communications
vendor: cisco model: unity connection

Apple Releases First Important Security Updates of 2024 - iOS 17.3 Patches First Zero-Day of the Year

Trust: 5.75

Fetched: Jan. 26, 2024, 9:51 a.m., Published: Jan. 26, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: tvos
vendor: apple model: iphone
vendor: apple model: watchos
vendor: apple model: apple tv
vendor: apple model: webkit
vendor: apple model: watch
db: NVD ids: CVE-2024-23222

WARNING: NEW REMOTE CODE EXECUTION VULNERABILITY IN MULTIPLE CISCO PRODUCTS, PATCH IMMEDIATELY! | Cert

Trust: 5.25

Fetched: Jan. 26, 2024, 9:39 a.m., Published: Jan. 25, 2024, 5:13 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-20253

Cisco Small Business Series Switches Stacked Reload ACL Bypass Vulnerability

Trust: 3.0

Fetched: Jan. 26, 2024, 9:37 a.m., Published: Jan. 24, 2024, 3:52 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: series managed switches
vendor: cisco model: small business
vendor: cisco model: series stackable managed switches
vendor: cisco model: series
vendor: cisco model: small business series
vendor: cisco model: series switches
vendor: cisco model: cisco small business
vendor: cisco model: small business series switches
vendor: cisco model: series smart switches

How to lock out your ex-partner from your smart home | Malwarebytes

Trust: 3.5

Fetched: Jan. 26, 2024, 9:32 a.m., Published: Jan. 24, 2024, 2:55 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
vendor: google model: android

Best Wordpress Security & Vulnerability Scanners In 2024 [LIST]

Trust: 5.5

Fetched: Jan. 26, 2024, 9:30 a.m., Published: July 26, 2021, 11:40 a.m.
 Vulnerabilities: code injection, sql injection, header injection...
Affected productsExternal IDs
vendor: trend model: security

CSA urge Apple users to urgently update their device software to prevent hacker attacks - Singapore News

Trust: 5.0

Fetched: Jan. 26, 2024, 9:24 a.m., Published: Jan. 24, 2024, 9:40 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: apple tv
vendor: apple model: tvos
vendor: apple model: ipad air
db: NVD ids: CVE-2024-23222