Martijn Lammerts
My own digital place with a little of everything

SEC Consult SA-20181009-0 :: Remote Code Execution via XMeye P2P Cloud in Xiongmai IP Cameras, NVRs and DVRs incl. 3rd party OEM devices (CVE-2018-17915, CVE-2018-17917, CVE-2018-17919)

Posted by SEC Consult Vulnerability Lab on Oct 09SEC Consult also published a blog post regarding the identified security issues with further background information: Blog: https://r.sec-consult.com/xmeye SEC Consult Vulnerability Lab Security Advisor...
Continue reading...

APPLE-SA-2018-10-08-2 iCloud for Windows 7.7

Posted by Apple Product Security on Oct 09

APPLE-SA-2018-10-08-2 iCloud for Windows 7.7

iCloud for Windows 7.7 is now available and addresses the following:

WebKit
Available for: Windows 7 and later
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4191: found by OSS-Fuzz

WebKit
Available for: Windows 7 and later
Impact: Cross-origin SecurityErrors includes the accessed frame's
origin...
Continue reading...