This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. An issue where system extensions could load malicious code was addressed through improved extension detection. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. An issue where
The issue is addressed by installing the latest software updates. An out-of-bounds read issue was discovered in the caching of font assets. This issue may allow a remote attacker to exploit memory corruption and gain access to potentially sensitive information. Apple is aware of a report that this issue was
This could then lead to the disclosure of passwords or other sensitive data. To reduce the likelihood of this happening, 1Password apps and integrations are constantly checking whether they are communicating with the 1Password service. If they are not, they will display a warning message. 1Password users are encouraged to
This vulnerability was fixed in version 220.127.116.11, 18.104.22.168, and 9.0. CVE-2022-32159 This vulnerability was fixed in version 22.214.171.124, 126.96.36.199, and 9.0. CVE-2022-32158: This vulnerability was fixed in version 188.8.131.52, 184.108.40.206,
This issue is fixed in iOS 15.4.1, watchOS 8.6, tvOS 15.5 and macOS High Sierra 10.13.5. An out-of-bounds read issue exists when processing URLs in Safari. This issue is fixed in iOS 15.4.1 and Safari 12.0. Apple has received reports that
XXE is a type of cross-site scripting (XSS) vulnerability that occurs when untrusted data is fed into a web application. Depending on the context in which the data is used, it can have various impacts. For example, malicious data injected into an email message can be very harmful, as users
XSS is a type of injection that occurs when user input is not filtered properly and is redirected to another site. There are many different types of XSS, including: Reflected XSS – The user is redirected to a site that allows injection, but the injection is tested against the code on
The issue is resolved in RT-AX56U firmware version 220.127.116.11 from February 12, 2017. An attacker can access the user profile configuration function by sending HTTP request with malicious data. In the case of RT-AX56U, the value of “User 1” is “\x01\x57\x57\x57\x57\x57”, which
This issue is addressed by allowing the X-Frame-Options response header to be set. A maliciously crafted website could exploit this vulnerability to access content protected against cross-origin access restrictions. On iOS and macOS, this issue is mitigated with improved state management. Exploitation of this issue may allow remote code execution.
An application may be able to access a user's files. This issue may occur through a maliciously crafted URL or through a malformed link in an email. This issue did not exist in iOS 15.3 and watchOS 8.4. An application may be able to access a user's files.