Category: Alert Feeds

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 29 SEC Consult Vulnerability Lab Security Advisory < 20260423-0 > ======================================================================= title: DLL Hijacking product: EfficientLab Controlio (cloud-based employee monitoring service) vulnerable version: <1.3.95      fixed version: 1.3.95         CVE number: CVE-2025-10549             impact: High … Read More “SEC Consult SA-20260423-0 :: DLL Hijacking in EfficientLab Controlio (cloud-based employee monitoring service)  – Full Disclosure” »

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 29 SEC Consult Vulnerability Lab Security Advisory < 20260427-0 > ======================================================================= title: Missing TLS Certificate Validation leading to RCE product: DeskTime Time Tracking App vulnerable version: 1.3.671 fixed version: – CVE number: CVE-2025-10539              impact: medium homepage:https://desktime.com… – Read More  … Read More “SEC Consult SA-20260427-0 :: Missing TLS Certificate Validation leading to RCE in DeskTime Time Tracking App  – Full Disclosure” »

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 29 *Update 2026-04-28:* The vendor contacted us and now provides a patched version v1.3.674 which can be obtained at the following URL: https://desktime.com/download – Read More  – Full Disclosure 

  Posted by Milan Berger via Fulldisclosure on Apr 29 # Security Advisory: ESP-RFID-Tool v2 PRO **Product:** ESP-RFID-Tool v2 PRO **Vendor:** Raik Schneider (Einstein2150), foto-video-it.de **Repository:** https://github.com/Einstein2150/ESP-RFID-Tool-v2 **Affected Version:** v2.2.1 (latest as of 2026-04-28) **Severity:** CRITICAL **Disclosure Type:** Full Public Disclosure **Disclosure Date:** 2026-04-28 **Researcher:** Milan ‘t4c’ Berger — ## Disclosure Timeline | Date | … Read More “ESP-RFID-Tool v2 PRO — Full Public Disclosure  – Full Disclosure” »

  Posted by SBA Research Security Advisory via Fulldisclosure on Apr 29 # GoAnywhere MFT Email HTML Injection # Link: https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251120-01_GoAnywhere_MFT_Email_HTML_Injection ## Vulnerability Overview ## GoAnywhere MFT before 7.10.0 is affected by an HTML injection vulnerability in its email templating functionality. If an attacker is able to influence the content of a template variable, malicious … Read More “[SBA-ADV-20251120-01] CVE-2026-0972: GoAnywhere MFT Email HTML Injection  – Full Disclosure” »

  Posted by Artur Janicki via Fulldisclosure on Apr 29 [APOLOGIES FOR CROSS-POSTING] CALL FOR PAPERS 15th International Workshop on Cyber Crime (IWCC 2026 – https://www.ares-conference.eu/iwcc) to be held in conjunction with the International Conference on Availability, Reliability and Security (ARES 2026 – https://www.ares-conference.eu/) in Linköping, Sweden, August 24-27, 2026 IMPORTANT DATES Submission Deadline May … Read More “[IWCC 2026] CfP: 15th International Workshop on Cyber Crime – Linköping, Sweden, Aug 24-27, 2026  – Full Disclosure” »

  Posted by malvuln on Apr 29 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2026 Original source: https://malvuln.com/advisory/8c15ec5f0137d097a345b693f0bffedb.txt Malvuln Intelligence Feed: https://intel.malvuln.com/ Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: Trojan-Spy.Win32.Small Vulnerability: Remote Command Execution Description: The malware opens a listener on TCP port 65535, allowing unauthenticated remote attackers with network access… – Read … Read More “Trojan-Spy.Win32.Small / Remote Command Execution  – Full Disclosure” »

  Posted by Egidio Romano on Apr 29 ——————————————————————— SocialEngine <= 7.8.0 Blind Server-Side Request Forgery Vulnerability ——————————————————————— [-] Software Link: https://socialengine.com [-] Affected Versions: Versions 7.8.0, 7.7.0, and likely prior versions. [-] Vulnerability Description: User input passed through the “uri” request parameter to the… – Read More  – Full Disclosure 

  Posted by Egidio Romano on Apr 29 —————————————————————– SocialEngine <= 7.8.0 (get-memberall) SQL Injection Vulnerability —————————————————————– [-] Software Link: https://socialengine.com [-] Affected Versions: Versions 7.8.0, 7.7.0, and likely prior versions. [-] Vulnerability Description: User input passed through the “text” request parameter to the… – Read More  – Full Disclosure 

  Posted by Nir Yehoshua on Apr 29 Hi Full Disclosure list, I published a technical research article titled: When Trusted Tools Become Attack Primitives The article examines how trusted local utilities can become security-relevant primitives when used inside automated processing pipelines. It covers two case studies: 1. macOS textutil resolving remote resources during HTML-to-text … Read More “Research: When Trusted Tools Become Attack Primitives  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Apr 29 APPLE-SA-04-22-2026-1 iOS 26.4.2 and iPadOS 26.4.2 iOS 26.4.2 and iPadOS 26.4.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/en-us/127002. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Notification Services Available … Read More “APPLE-SA-04-22-2026-1 iOS 26.4.2 and iPadOS 26.4.2  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Apr 29 APPLE-SA-04-22-2026-2 iOS 18.7.8 and iPadOS 18.7.8 iOS 18.7.8 and iPadOS 18.7.8 addresses the following issues. Information about the security content is also available at https://support.apple.com/en-us/127003. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Notification Services Available … Read More “APPLE-SA-04-22-2026-2 iOS 18.7.8 and iPadOS 18.7.8  – Full Disclosure” »

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 29 SEC Consult Vulnerability Lab Security Advisory < 20260415-0 > ======================================================================= title: Exposed Private Key of X.509 Certificate             product: SAP HANA Cockpit & SAP HANA Database Explorer vulnerable version: HANA Cockpit <2.18.2 (HRTT <2.16.254002)       fixed … Read More “SEC Consult SA-20260415-0 :: Exposed Private Key of X.509 Certificate in SAP HANA Cockpit & SAP HANA Database Explorer  – Full Disclosure” »

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 29 SEC Consult Vulnerability Lab Security Advisory < 20260421-0 > ======================================================================= title: Broken Access Control in Config Endpoint product: LiteLLM vulnerable version: <=v1.83.0       fixed version: v1.83.0-nightly          CVE number: CVE-2026-35029              impact: high … Read More “SEC Consult SA-20260421-0 :: Broken Access Control in Config Endpoint in LiteLLM  – Full Disclosure” »

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 14 SEC Consult Vulnerability Lab Security Advisory < 20260414-0 > ======================================================================= title: Improper Enforcement of Locked Accounts in WebUI (SSO)             product: Kiuwan SAST on-premise (KOP) & cloud/SaaS  vulnerable version: <2.8.2509.4       fixed version: 2.8.2509.4     … Read More “SEC Consult SA-20260414-0 :: Improper Enforcement of Locked Accounts in WebUI (SSO) in Kiuwan SAST on-premise (KOP) & cloud/SaaS  – Full Disclosure” »

  Posted by Thomas Weber | CyberDanube via Fulldisclosure on Apr 14 CyberDanube Security Research 20260408-0 ——————————————————————————- title| Remote Operation Denial of Service product| Siemens SICAM A8000 CP-8050/CP-8031/CP-8010/CP-8012 vulnerable version| <=V25.30 fixed version| V26.10 CVE number| CVE-2026-27663 impact| Medium homepage| https://siemens.com/… – Read More  – Full Disclosure 

  Posted by Thomas Weber | CyberDanube via Fulldisclosure on Apr 14 CyberDanube Security Research 20260408-1 ——————————————————————————- title| Multiple Vulnerabilities product| Siemens SICAM A8000 CP-8050/CP-8031/CP-8010/CP-8012 vulnerable version| <=V25.30 fixed version| V26.10 CVE number| CVE-2026-27664 impact| High homepage| https://siemens.com/ found|… – Read More  – Full Disclosure 

  Posted by cyber security on Apr 02 A vulnerability was identified in OWASP CRS where whitespace padding in filenames can bypass file upload extension checks, allowing uploads of dangerous files such as .php, .phar, .jsp, and .jspx. This issue has been assigned CVE‑2026‑33691. Impact: Attackers may evade CRS protections and upload web shells disguised … Read More “[CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability  – Full Disclosure” »

  Posted by Egidio Romano on Apr 02 ————————————————————————— MetInfo CMS <= 8.1 (weixinreply.class.php) PHP Code Injection Vulnerability ————————————————————————— [-] Software Link: https://www.metinfo.cn [-] Affected Versions: Versions 7.9, 8.0, and 8.1. [-] Vulnerability Description: The vulnerable code is located into the… – Read More  – Full Disclosure 

  Posted by Joseph Goydish II via Fulldisclosure on Apr 02 SUMMARY Apple’s Oblivious HTTP relay for Live Caller ID Lookup (iOS 18+) routes traffic through 14 third-party endpoints across six countries. These include an anonymous Delaware LLC sharing data with OpenAI, a Russian endpoint (Yandex), and a Swiss GmbH whose privacy policy names “The … Read More “Apple OHTTP Relay: 14 Third-Party Endpoints, 6 Countries, Zero User Visibility  – Full Disclosure” »

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 02 SEC Consult Vulnerability Lab Security Advisory < 20260326-0 > ======================================================================= title: Local Privilege Escalation product: Vienna Assistant (MacOS) – Vienna Symphonic Library  vulnerable version: 1.2.542 fixed version: – CVE number: CVE-2026-24068              impact: high homepage:https://www.vsl.co.at/       … Read More “SEC Consult SA-20260326-0 :: Local Privilege Escalation in Vienna Assistant (MacOS) – Vienna Symphonic Library  – Full Disclosure” »

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 02 SEC Consult Vulnerability Lab Security Advisory < 20260401-0 > ======================================================================= title: Broken Access Control             product: Open WebUI  vulnerable version: <v0.8.11       fixed version: v0.8.11 CVE number: CVE-2026-34222              impact: high … Read More “SEC Consult SA-20260401-0 :: Broken Access Control in Open WebUI  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Mar 28 APPLE-SA-03-24-2026-1 iOS 26.4 and iPadOS 26.4 iOS 26.4 and iPadOS 26.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126792. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. 802.1X Available for: … Read More “APPLE-SA-03-24-2026-1 iOS 26.4 and iPadOS 26.4  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Mar 28 APPLE-SA-03-24-2026-2 iOS 18.7.7 and iPadOS 18.7.7 iOS 18.7.7 and iPadOS 18.7.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/126793. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. 802.1X Available for: … Read More “APPLE-SA-03-24-2026-2 iOS 18.7.7 and iPadOS 18.7.7  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Mar 28 APPLE-SA-03-24-2026-3 macOS Tahoe 26.4 macOS Tahoe 26.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126794. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. 802.1X Available for: macOS Tahoe Impact: An … Read More “APPLE-SA-03-24-2026-3 macOS Tahoe 26.4  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Mar 28 APPLE-SA-03-24-2026-4 macOS Sequoia 15.7.5 macOS Sequoia 15.7.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/126795. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. 802.1X Available for: macOS Sequoia Impact: An … Read More “APPLE-SA-03-24-2026-4 macOS Sequoia 15.7.5  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Mar 28 APPLE-SA-03-24-2026-5 macOS Sonoma 14.8.5 macOS Sonoma 14.8.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/126796. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. 802.1X Available for: macOS Sonoma Impact: An … Read More “APPLE-SA-03-24-2026-5 macOS Sonoma 14.8.5  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Mar 28 APPLE-SA-03-24-2026-6 tvOS 26.4 tvOS 26.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126797. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. 802.1X Available for: Apple TV HD and Apple TV … Read More “APPLE-SA-03-24-2026-6 tvOS 26.4  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Mar 28 APPLE-SA-03-24-2026-7 watchOS 26.4 watchOS 26.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126798. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. 802.1X Available for: Apple Watch Series 6 and later … Read More “APPLE-SA-03-24-2026-7 watchOS 26.4  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Mar 28 APPLE-SA-03-24-2026-8 visionOS 26.4 visionOS 26.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126799. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. 802.1X Available for: Apple Vision Pro (all models) Impact: … Read More “APPLE-SA-03-24-2026-8 visionOS 26.4  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Mar 28 APPLE-SA-03-24-2026-9 Safari 26.4 Safari 26.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126800. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. WebKit Available for: macOS Sonoma and macOS Sequoia Impact: … Read More “APPLE-SA-03-24-2026-9 Safari 26.4  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Mar 28 APPLE-SA-03-24-2026-10 Xcode 26.4 Xcode 26.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126801. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. otool Available for: macOS Tahoe 26.2 and later Impact: … Read More “APPLE-SA-03-24-2026-10 Xcode 26.4  – Full Disclosure” »

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Mar 19 SEC Consult Vulnerability Lab Security Advisory < 20260317-0 > ======================================================================= title: Multiple vulnerabilities           product: PEGA Infinity platform vulnerable version: CVE-2025-62181: Pega Platform versions 7.1.0 through Infinity 25.1.0                     CVE-2025-9559: … Read More “SEC Consult SA-20260317-0 :: Multiple vulnerabilities in PEGA Infinity platform  – Full Disclosure” »

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Mar 19 SEC Consult Vulnerability Lab Security Advisory < 20260318-0 > ======================================================================= title: Multiple Privilege Escalation Vulnerabilities product: Arturia Software Center MacOS vulnerable version: 2.12.0.3157 fixed version: – CVE number: CVE-2026-24062, CVE-2026-24063              impact: high homepage:… – Read More  – Full … Read More “SEC Consult SA-20260318-0 :: Multiple Privilege Escalation Vulnerabilities in Arturia Software Center MacOS  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Mar 19 APPLE-SA-03-17-2026-1 Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2 Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/126604. Apple maintains a … Read More “APPLE-SA-03-17-2026-1 Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2  – Full Disclosure” »

  Posted by Qualys Security Advisory via Fulldisclosure on Mar 19 Qualys Security Advisory Good things come to those who wait: snap-confine + systemd-tmpfiles = root (CVE-2026-3888) ======================================================================== Contents ======================================================================== Summary Case study: Ubuntu Desktop 24.04 – Analysis – Exploitation Case study: Ubuntu Desktop 25.10 – Overview – Exploitation A quick note on the uutils … Read More “snap-confine + systemd-tmpfiles = root (CVE-2026-3888)  – Full Disclosure” »

  Posted by Jiqiang Feng via Fulldisclosure on Mar 16 [This is an update to communications sent March 12-14 regarding Alipay security vulnerabilities.] — On March 15, 2026, four WeChat articles documenting security vulnerabilities in Alipay were forcibly deleted from the public account AI-security-innora. The deletion was carried out by Tencent at the request of … Read More “UPDATE: Ant Group Censors 4 Security Research Articles After Initial Complaint Rejection  – Full Disclosure” »

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Mar 12 SEC Consult Vulnerability Lab Security Advisory < 20260224-0 > ======================================================================= title: Multiple vulnerabilities             product: CPSD CryptoPro Secure Disk for BitLocker  vulnerable version: 7.6.4.16432 (76212) fixed version: 7.6.6 / 7.7.1 CVE number: CVE-2025-10010           … Read More “SEC Consult SA-20260224-0 :: Multiple vulnerabilities in CPSD CryptoPro Secure Disk for BitLocker (CVE-2025-10010)  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Mar 12 APPLE-SA-03-11-2026-1 iOS 16.7.15 and iPadOS 16.7.15 iOS 16.7.15 and iPadOS 16.7.15 addresses the following issues. Information about the security content is also available at https://support.apple.com/126646. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. WebKit Available for: … Read More “APPLE-SA-03-11-2026-1 iOS 16.7.15 and iPadOS 16.7.15  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Mar 12 APPLE-SA-03-11-2026-2 iOS 15.8.7 and iPadOS 15.8.7 iOS 15.8.7 and iPadOS 15.8.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/126632. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Kernel Available for: … Read More “APPLE-SA-03-11-2026-2 iOS 15.8.7 and iPadOS 15.8.7  – Full Disclosure” »

  Posted by GregD via Fulldisclosure on Mar 12 Hi, I’m disclosing five vulnerabilities discovered during an authorised security assessment of the Cohesity TranZman Migration Appliance (formerly Stone Ram TranZman), Release 4.0 Build 14614. CVE-2025-67840 – Web API Command Injection (CVSS 7.2 High) The /api/v1/scheduler/run and /api/v1/actions/run endpoints allow authenticated administrators to execute arbitrary commands … Read More “Cohesity TranZman Migration Appliance – 5 CVEs (command injection, LPE, unsigned patches, weak crypto)  – Full Disclosure” »

  Posted by Feng Ning via Fulldisclosure on Mar 12 Subject: Alipay DeepLink+JSBridge Attack Chain: Silent GPS Exfiltration, 17 Vulns, 6 CVEs (CVSS 9.3) # Alipay DeepLink + JSBridge Attack Chain # Silent GPS Exfiltration via Crafted URL ## Overview Researcher: Jiqiang Feng / Innora AI Security Research Vendor: Ant Group (蚂蚁集团) / Alibaba Group … Read More “Alipay DeepLink+JSBridge Attack Chain: Silent GPS Exfiltration, 17 Vulns, 6 CVEs (CVSS 9.3)  – Full Disclosure” »

  Posted by Stefan Kanthak via Fulldisclosure on Mar 12 Hi @ll, about 2 months ago I posted <https://seclists.org/fulldisclosure/2025/Dec/29> “Defense in depth — the Microsoft way (part 94): SAFER (SRPv1 and AppLocker alias SRPv2) bypass for dummies” Here’s the continuation… About 23 years ago, 64-bit Windows introduced the WoW64 subsystem, which performs a transpatent redirection … Read More “Defense in depth — the Microsoft way (part 96): yet another SAFER (SRPv1) and AppLocker (SRPv2) loophole  – Full Disclosure” »

  Posted by Daniel Owens via Fulldisclosure on Mar 12 As previously mentioned, via “Struts2 and Related Framework Array/Collection DoS” (26 October 2025), hundreds of JavaScript object notation (JSON) libraries are vulnerable to unconstrained resource consumption through large JSON arrays, which, when deserialised, create arbitrarily large collections/arrays/data structures. This work looks specifically at the Apache … Read More “JSON Deserialiser Unconstrained Resource Consumption Quick Overview  – Full Disclosure” »

  Posted by Egidio Romano on Feb 22 —————————————————————————- SmarterMail <= 9518 (MailboxId) Reflected Cross-Site Scripting Vulnerability —————————————————————————- [-] Software Link: https://www.smartertools.com/smartermail/business-email-server [-] Affected Versions: Build 9518 and prior builds. [-] Vulnerability Description: User input passed through the… – Read More  – Full Disclosure 

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Feb 22 SEC Consult Vulnerability Lab Security Advisory < 20260218-0 > ======================================================================= title: Multiple Critical Vulnerabilities product: NesterSoft WorkTime (on-prem/cloud) vulnerable version: <= 11.8.8 fixed version: No patch available, vendor unresponsive. CVE number: CVE-2025-15563, CVE-2025-15562, CVE-2025-15561… – Read More  – Full Disclosure 

  Posted by Apple Product Security via Fulldisclosure on Feb 16 APPLE-SA-02-11-2026-4 macOS Sequoia 15.7.4 macOS Sequoia 15.7.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126349. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: macOS Sequoia Impact: An … Read More “APPLE-SA-02-11-2026-4 macOS Sequoia 15.7.4  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Feb 16 APPLE-SA-02-11-2026-5 macOS Sonoma 14.8.4 macOS Sonoma 14.8.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126350. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: macOS Sonoma Impact: An … Read More “APPLE-SA-02-11-2026-5 macOS Sonoma 14.8.4  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Feb 16 APPLE-SA-02-11-2026-6 tvOS 26.3 tvOS 26.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/126351. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Bluetooth Available for: Apple TV HD and Apple TV … Read More “APPLE-SA-02-11-2026-6 tvOS 26.3  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Feb 16 APPLE-SA-02-11-2026-7 watchOS 26.3 watchOS 26.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/126352. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Bluetooth Available for: Apple Watch Series 6 and later … Read More “APPLE-SA-02-11-2026-7 watchOS 26.3  – Full Disclosure” »