Author: Joe-W

  Posted by Ron E on Sep 08 An integer overflow vulnerability exists in the Y4M input loader (loadY4M in decoder_y4m.cc) of libheif. The loader fails to properly validate the width and height values declared in the Y4M file header. Supplying a crafted .y4m file with extremely large dimensions (e.g., W2147483647 H2147483647) causes integer overflow … Read More “libheif v1.21.0 Integer Overflow in Y4M Loader leading to Uncontrolled Memory Allocation  – Full Disclosure” »

  Posted by Ron E on Sep 08 The vulnerability resides in the constructor Chunk::Chunk ( libheif/sequences/chunk.cc:89). When parsing the Sample Size Box (stsz) of a HEIF sequence track, the code allocates a std::vector<unsigned int> and then appends entries for each sample size. The count used for allocation and iteration is taken directly from the … Read More “libheif v1.21.0 Heap Buffer Overflow in Chunk::Chunk  – Full Disclosure” »

  Posted by Ron E on Sep 08 The Track::init_sample_timing_table logic manages a std::vector<std::shared_ptr<Chunk>> representing parsed sequence chunks. With malformed HEIF sequence files, corrupted chunk tables may cause premature destruction of Chunk objects while references remain in the vector. Later accesses via std::__shared_ptr<Chunk>::get() return a dangling pointer. ASan reports these as heap-buffer-overflows because the stale … Read More “libheif 1.21.0 Use-After-Free / Dangling shared_ptr in Track Chunk Handling  – Full Disclosure” »

  Posted by Ron E on Sep 08 The Box_stts structure defines decoding time to sample mapping. In Box_stts::get_sample_duration(unsigned), the requested index is assumed valid. A crafted file can set entry_count inconsistently with the actual buffer size, leading to access beyond the bounds of the parsed vector. *Root Cause:* – Lack of bounds checks on … Read More “libheif v1.21.0 Out-of-Bounds Read in Box_stts::get_sample_duration  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 08 APPLE-SA-08-20-2025-5 macOS Ventura 13.7.8 macOS Ventura 13.7.8 addresses the following issues. Information about the security content is also available at https://support.apple.com/124929. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. ImageIO Available for: macOS Ventura Impact: Processing … Read More “APPLE-SA-08-20-2025-5 macOS Ventura 13.7.8  – Full Disclosure” »

  Posted by Seralys Research Team via Fulldisclosure on Sep 08 Seralys Security Advisory | https://www.seralys.com/research ====================================================================== Title: Unauthenticated User Creation Product: SpamTitan Email Security Gateway Affected: Confirmed on 8.00.95 Fixed in: 8.00.101 and 8.01.14 Vendor: TitanHQ Discovered: May 2024 Severity: HIGH CWE: CWE-306: Missing Authentication for Critical Function CVE:… – Read More  – Full Disclosure 

  Posted by Apple Product Security via Fulldisclosure on Sep 08 APPLE-SA-08-20-2025-2 iPadOS 17.7.10 iPadOS 17.7.10 addresses the following issues. Information about the security content is also available at https://support.apple.com/124926. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. ImageIO Available for: iPad Pro 12.9-inch 2nd generation, iPad … Read More “APPLE-SA-08-20-2025-2 iPadOS 17.7.10  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 08 APPLE-SA-08-20-2025-3 macOS Sequoia 15.6.1 macOS Sequoia 15.6.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/124927. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. ImageIO Available for: macOS Sequoia Impact: Processing … Read More “APPLE-SA-08-20-2025-3 macOS Sequoia 15.6.1  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 08 APPLE-SA-08-20-2025-4 macOS Sonoma 14.7.8 macOS Sonoma 14.7.8 addresses the following issues. Information about the security content is also available at https://support.apple.com/124928. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. ImageIO Available for: macOS Sonoma Impact: Processing … Read More “APPLE-SA-08-20-2025-4 macOS Sonoma 14.7.8  – Full Disclosure” »

  Posted by Asterisk Development Team via Fulldisclosure on Sep 08 The Asterisk Development Team would like to announce security release Asterisk 22.5.2. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/22.5.2 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 22.5.2 ## Change Log for Release asterisk-22.5.2 ### Links: – [Full ChangeLog](… – Read More  – Full Disclosure 

  Posted by Andrey Stoykov on Sep 08 # Exploit Title: Host Header Injection – silverstripecmsv6.0.0 # Date: 08/2025 # Exploit Author: Andrey Stoykov # Version: 6.0.0 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/2025/08/friday-fun-pentest-series-39-host.html Host Header Injection #1: Steps to Reproduce: – Login and change the Host header to Burp Collab domain – Upon … Read More “Host Header Injection – silverstripecmsv6.0.0  – Full Disclosure” »

  Posted by Andrey Stoykov on Sep 08 # Exploit Title: [Vuln] – silverstripecmsv6.0.0 # Date: 08/2025 # Exploit Author: Andrey Stoykov # Version: 6.0.0 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/2025/08/friday-fun-pentest-series-40-csv.html CSV Injection #1: Steps to Reproduce: – Login and visit “Security” > “Add Member” > “First Name” and enter payload of =30*30 … Read More “CSV Injection – silverstripecmsv6.0.0  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 08 APPLE-SA-08-20-2025-1 iOS 18.6.2 and iPadOS 18.6.2 iOS 18.6.2 and iPadOS 18.6.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/124925. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. ImageIO Available for: … Read More “APPLE-SA-08-20-2025-1 iOS 18.6.2 and iPadOS 18.6.2  – Full Disclosure” »

  Posted by George Joseph via Fulldisclosure on Sep 08 The Asterisk Development Team would like to announce security release Certified Asterisk 18.9-cert17. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert17 and https://downloads.asterisk.org/pub/telephony/certified-asterisk Repository: https://github.com/asterisk/asterisk Tag: certified-18.9-cert17 ## Change Log for Release asterisk-certified-18.9-cert17 ###… – Read More  – Full Disclosure 

  Posted by josephgoyd via Fulldisclosure on Sep 08 Improper Input Validation in Siri Shortcuts and Shared Web Credentials Enables Persistent Background Execution, Retry Storms, and Sandbox Extension Abuse Date Discovered: August 20, 2025 Discovered By: Joseph Goydish II Affected: – iOS/macOS versions supporting Siri Shortcuts + Shared Web Credentials (SWC) – Confirmed on iPhone … Read More “(iOS 18.6.2) Improper Input Validation in Siri Shortcuts and Shared Web Credentials  – Full Disclosure” »

  Posted by josephgoyd via Fulldisclosure on Sep 08 [Zero-Day] AppleMediaServices Fail-Open Auth Bypass (All Platforms) Overview: A criticalzero-dayvulnerability in AppleMediaServices (AMS) affects all Apple platforms — iOS, macOS, tvOS, and watchOS. When AMS fails to fetch its remote “Bag” config file, it disables Mescal and Absinthe request signingwithout warning, falling back to unsigned, unauthenticated … Read More “[Zero-Day] AppleMediaServices Fail-Open Auth Bypass (All Platforms)  – Full Disclosure” »

  Posted by Joseph Goydish II via Fulldisclosure on Sep 08 TITLE: APPLE’S A17 PRO SILICON FLAW: SHARED I²C4 BUS BETWEEN SECURE ENCLAVE AND DIGITIZER CAUSES CASCADING SYSTEM FAILURE SUMMARY: This report discloses a CRITICAL HARDWARE FLAW in Apple’s A17 Pro chip (D84AP), affecting retail iPhone 15 Pro Max devices. The flaw results from a … Read More “Apple’s A17 Pro Chip: Critical Flaw Causes Dual Subsystem Failure & Forensic Log Loss  – Full Disclosure” »

  Posted by Asterisk Development Team via Fulldisclosure on Sep 08 The Asterisk Development Team would like to announce security release Asterisk 18.26.4. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/18.26.4 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 18.26.4 ## Change Log for Release asterisk-18.26.4 ### Links: – [Full ChangeLog](… – Read More  – Full Disclosure 

  Posted by Asterisk Development Team via Fulldisclosure on Sep 08 The Asterisk Development Team would like to announce security release Asterisk 21.10.2. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/21.10.2 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 21.10.2 ## Change Log for Release asterisk-21.10.2 ### Links: – [Full ChangeLog](… – Read More  – Full Disclosure 

  Posted by Asterisk Development Team via Fulldisclosure on Sep 08 The Asterisk Development Team would like to announce security release Asterisk 20.15.2. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/20.15.2 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 20.15.2 ## Change Log for Release asterisk-20.15.2 ### Links: – [Full ChangeLog](… – Read More  – Full Disclosure