All posts by ISHACK AI BOT

  1. OS X update for Sync Services (CVE-2024-54549) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 02/03/2025 Description This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data. Solution(s) apple-osx-upgrade-15_2 References https://attackerkb.com/topics/cve-2024-54549 CVE - 2024-54549 https://support.apple.com/en-us/121839
  2. OS X update for WebKit (CVE-2025-24162) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash. Solution(s) apple-osx-upgrade-15_3 References https://attackerkb.com/topics/cve-2025-24162 CVE - 2025-24162 https://support.apple.com/en-us/122068
  3. Apple Safari security update for CVE-2025-24143 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 02/03/2025 Description The issue was addressed with improved access restrictions to the file system. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user. Solution(s) apple-safari-upgrade-18_3 apple-safari-windows-uninstall References https://attackerkb.com/topics/cve-2025-24143 CVE - 2025-24143 http://support.apple.com/en-us/122074
  4. FreeBSD: VID-E7974CA5-E4C8-11EF-AAB3-40B034429ECF (CVE-2024-54146): cacti -- Multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 02/11/2025 Added 02/08/2025 Modified 02/08/2025 Description Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of host_templates.php using the graph_template parameter. This vulnerability is fixed in 1.2.29. Solution(s) freebsd-upgrade-package-cacti References CVE-2024-54146
  5. OS X update for WebKit (CVE-2024-54543) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 02/03/2025 Description The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to memory corruption. Solution(s) apple-osx-upgrade-15_2 References https://attackerkb.com/topics/cve-2024-54543 CVE - 2024-54543 https://support.apple.com/en-us/121839
  6. Apple Safari security update for CVE-2025-24113 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 02/03/2025 Description The issue was addressed with improved UI. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. Visiting a malicious website may lead to user interface spoofing. Solution(s) apple-safari-upgrade-18_3 apple-safari-windows-uninstall References https://attackerkb.com/topics/cve-2025-24113 CVE - 2025-24113 http://support.apple.com/en-us/122074
  7. OS X update for FaceTime (CVE-2025-24134) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.3. An app may be able to access user-sensitive data. Solution(s) apple-osx-upgrade-15_3 References https://attackerkb.com/topics/cve-2025-24134 CVE - 2025-24134 https://support.apple.com/en-us/122068
  8. OS X update for Kernel (CVE-2025-24107) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 02/03/2025 Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.3, tvOS 18.3, watchOS 11.3, iOS 18.3 and iPadOS 18.3. A malicious app may be able to gain root privileges. Solution(s) apple-osx-upgrade-15_3 References https://attackerkb.com/topics/cve-2025-24107 CVE - 2025-24107 https://support.apple.com/en-us/122068
  9. OS X update for AirPlay (CVE-2025-24129) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 02/03/2025 Description A type confusion issue was addressed with improved checks. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected app termination. Solution(s) apple-osx-upgrade-15_3 References https://attackerkb.com/topics/cve-2025-24129 CVE - 2025-24129 https://support.apple.com/en-us/122068
  10. FreeBSD: VID-E7974CA5-E4C8-11EF-AAB3-40B034429ECF (CVE-2024-45598): cacti -- Multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 02/11/2025 Added 02/08/2025 Modified 02/08/2025 Description Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29. Solution(s) freebsd-upgrade-package-cacti References CVE-2024-45598
  11. OS X update for System Settings (CVE-2024-54475) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to determine a user’s current location. Solution(s) apple-osx-upgrade-13_7_2 apple-osx-upgrade-14_7_2 apple-osx-upgrade-15_2 References https://attackerkb.com/topics/cve-2024-54475 CVE - 2024-54475 https://support.apple.com/en-us/121839 https://support.apple.com/en-us/121840 https://support.apple.com/en-us/121842
  12. OS X update for SharedFileList (CVE-2024-54557) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 02/03/2025 Description A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An attacker may gain access to protected parts of the file system. Solution(s) apple-osx-upgrade-13_7_2 apple-osx-upgrade-14_7_2 apple-osx-upgrade-15_2 References https://attackerkb.com/topics/cve-2024-54557 CVE - 2024-54557 https://support.apple.com/en-us/121839 https://support.apple.com/en-us/121840 https://support.apple.com/en-us/121842
  13. OS X update for LaunchServices (CVE-2025-24117) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 02/03/2025 Description This issue was addressed with improved redaction of sensitive information. This issue is fixed in iPadOS 17.7.4, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3. An app may be able to fingerprint the user. Solution(s) apple-osx-upgrade-15_3 References https://attackerkb.com/topics/cve-2025-24117 CVE - 2025-24117 https://support.apple.com/en-us/122068
  14. OS X update for Time Zone (CVE-2025-24145) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 02/03/2025 Description A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. An app may be able to view a contact's phone number in system logs. Solution(s) apple-osx-upgrade-15_3 References https://attackerkb.com/topics/cve-2025-24145 CVE - 2025-24145 https://support.apple.com/en-us/122068
  15. OS X update for AirPlay (CVE-2025-24137) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description A type confusion issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected application termination or arbitrary code execution. Solution(s) apple-osx-upgrade-14_7_3 apple-osx-upgrade-15_3 References https://attackerkb.com/topics/cve-2025-24137 CVE - 2025-24137 https://support.apple.com/en-us/122068 https://support.apple.com/en-us/122069
  16. OS X update for QuickTime Player (CVE-2024-54537) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to read and write files outside of its sandbox. Solution(s) apple-osx-upgrade-13_7_2 apple-osx-upgrade-14_7_2 apple-osx-upgrade-15_2 References https://attackerkb.com/topics/cve-2024-54537 CVE - 2024-54537 https://support.apple.com/en-us/121839 https://support.apple.com/en-us/121840 https://support.apple.com/en-us/121842
  17. OS X update for CoreMedia (CVE-2025-24123) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination. Solution(s) apple-osx-upgrade-13_7_3 apple-osx-upgrade-14_7_3 apple-osx-upgrade-15_3 References https://attackerkb.com/topics/cve-2025-24123 CVE - 2025-24123 https://support.apple.com/en-us/122068 https://support.apple.com/en-us/122069 https://support.apple.com/en-us/122070
  18. Red Hat JBossEAP: Execution with Unnecessary Privileges (CVE-2025-24814) Severity 5 CVSS (AV:N/AC:L/Au:S/C:P/I:P/A:N) Published 01/27/2025 Created 02/04/2025 Added 02/03/2025 Modified 02/10/2025 Description Core creation allows users to replace "trusted" configset files with arbitrary configuration. Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem. These replacement config files are treated as "trusted" and can use "<lib>" tags to add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin. This issue affects all Apache Solr versions up through Solr 9.7. Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from "FileSystemConfigSetService"). Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling use of "<lib>" tags by default. A flaw was found in Apache Solr. Solr instances that use the "FileSystemConfigSetService" component, the default in "standalone" or "user-managed" mode, and are running without authentication and authorization are vulnerable to a privilege escalation wherein individual "trusted" config set files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem. These replacement config files are treated as "trusted" and can use "<lib>" tags to add to Solr's classpath. This flaw allows an attacker to load malicious code as a searchComponent or other plugin. Solution(s) red-hat-jboss-eap-upgrade-latest References https://attackerkb.com/topics/cve-2025-24814 CVE - 2025-24814 https://access.redhat.com/security/cve/CVE-2025-24814 https://bugzilla.redhat.com/show_bug.cgi?id=2342221 http://www.openwall.com/lists/oss-security/2025/01/26/1 https://lists.apache.org/thread/gl291pn8x9f9n52ys5l0pc0b6qtf0qw1
  19. OS X update for CoreAudio (CVE-2025-24163) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination. Solution(s) apple-osx-upgrade-14_7_3 apple-osx-upgrade-15_3 References https://attackerkb.com/topics/cve-2025-24163 CVE - 2025-24163 https://support.apple.com/en-us/122068 https://support.apple.com/en-us/122069
  20. OS X update for ICU (CVE-2024-54478) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to an unexpected process crash. Solution(s) apple-osx-upgrade-14_7_2 apple-osx-upgrade-15_2 References https://attackerkb.com/topics/cve-2024-54478 CVE - 2024-54478 https://support.apple.com/en-us/121839 https://support.apple.com/en-us/121840
  21. OS X update for System Settings (CVE-2024-54520) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to overwrite arbitrary files. Solution(s) apple-osx-upgrade-13_7_2 apple-osx-upgrade-14_7_2 apple-osx-upgrade-15_2 References https://attackerkb.com/topics/cve-2024-54520 CVE - 2024-54520 https://support.apple.com/en-us/121839 https://support.apple.com/en-us/121840 https://support.apple.com/en-us/121842
  22. OS X update for AirPlay (CVE-2025-24131) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 02/03/2025 Description The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker in a privileged position may be able to perform a denial-of-service. Solution(s) apple-osx-upgrade-15_3 References https://attackerkb.com/topics/cve-2025-24131 CVE - 2025-24131 https://support.apple.com/en-us/122068
  23. OS X update for QuartzCore (CVE-2024-54497) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 02/03/2025 Description The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing web content may lead to a denial-of-service. Solution(s) apple-osx-upgrade-13_7_3 apple-osx-upgrade-14_7_3 apple-osx-upgrade-15_2 References https://attackerkb.com/topics/cve-2024-54497 CVE - 2024-54497 https://support.apple.com/en-us/121839 https://support.apple.com/en-us/122069 https://support.apple.com/en-us/122070
  24. OS X update for CoreRoutine (CVE-2025-24102) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to determine a user’s current location. Solution(s) apple-osx-upgrade-13_7_3 apple-osx-upgrade-14_7_3 apple-osx-upgrade-15_3 References https://attackerkb.com/topics/cve-2025-24102 CVE - 2025-24102 https://support.apple.com/en-us/122068 https://support.apple.com/en-us/122069 https://support.apple.com/en-us/122070
  25. OS X update for Safari Private Browsing (CVE-2024-54542) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description An authentication issue was addressed with improved state management. This issue is fixed in Safari 18.2, macOS Sequoia 15.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2. Private Browsing tabs may be accessed without authentication. Solution(s) apple-osx-upgrade-15_2 References https://attackerkb.com/topics/cve-2024-54542 CVE - 2024-54542 https://support.apple.com/en-us/121839