Developer used iOS 16 exploit to change system font without jailbreak

The exploit, which was fixed in iOS 16.2, gave a developer a way to change the system font on an iPhone.

Zhuowei Zhang shared the story behind his proof-of-concept app. The app itself is available as source code on GitHub.

Apple Support: About the security content of iOS 16.2 and iPadOS 16.2

GitHub: WDBFontOverwrite

Reference: Developer uses iOS 16 exploit to change system font without jailbreak

Absolutely CRITICAL vulnerability in OpenSSL (versions 3.x only)

The security gap is so serious that the OpenSSL team decided to pre-announce it, with the patch to follow:

https://twitter.com/iamamoose/status/1584908434855628800

Full details of the vulnerability (and probably an exploit …) will be available on November 1st. As the announcement shows, only the 3.x OpenSSL line is affected.

It is also worth noting that the OpenSSL team reserves the 'Critical' rating for really serious cases. Since severity ratings were introduced (end of 2014), this label has been used only once so far.

More:

https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html

Safari 15.6.1 for macOS Catalina and Big Sur is released

Following the recent OS updates, Apple has published a new Safari for older macOS releases.

Recommended update

The vulnerabilities fixed by this update are already being actively exploited, so installing it is strongly recommended.

Apple T2 chip vulnerability allows password brute-force attacks

A vulnerability in the T2 chip used in recent Intel-based Macs allows brute-force attacks on the system password, making FileVault-encrypted storage crackable in a reasonable time when the password is short enough.

Apple Silicon Macs are unaffected by this vulnerability. Macs without a T2 chip, on the other hand, are even easier to brute-force.

Use strong passwords

The time needed to crack a password depends on its length and on whether it uses special characters. Also avoid using "dictionary words" as passwords.
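The three factors the advice above names (length, character classes, dictionary words) can be turned into a rough strength estimate. The following is an added example, not code from the article or from Apple: it infers the character set an attacker would have to assume from the classes present in the password, computes the exhaustive-search keyspace, and checks a constructed mini word list. The guess rate, the word list and the one-year threshold are all assumptions of this example; the article gives no figures for the T2 attack.

```python
import string

# Constructed mini word list standing in for a real cracking dictionary (assumption).
DICTIONARY = {"password", "letmein", "qwerty", "welcome", "dragon", "monkey"}

# Hypothetical guess rate (guesses per second). The article gives no figure for the
# T2 attack, so this is a placeholder parameter, not a measured value.
DEFAULT_GUESSES_PER_SECOND = 1_000.0

SECONDS_PER_YEAR = 365 * 24 * 3600


def alphabet_size(password: str) -> int:
    """Size of the character set an attacker must assume, judged from the
    classes actually present (33 = ASCII punctuation plus space)."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += 33
    if any(ord(c) > 127 for c in password):
        size += 1000  # coarse allowance for non-ASCII characters
    return size


def keyspace(password: str) -> int:
    """Number of candidates in an exhaustive search over the inferred alphabet."""
    return alphabet_size(password) ** len(password) if password else 0


def assess(password: str, guesses_per_second: float = DEFAULT_GUESSES_PER_SECOND) -> dict:
    """Estimate how long a brute-force search takes and give a verdict.

    The verdict thresholds are this example's own assumption: a dictionary word
    falls immediately, and anything searchable within a year at the assumed
    rate is treated as too short.
    """
    space = keyspace(password)
    full_search_seconds = space / guesses_per_second
    in_dictionary = password.lower() in DICTIONARY
    if in_dictionary:
        verdict = "weak: dictionary word"
    elif full_search_seconds < SECONDS_PER_YEAR:
        verdict = "weak: exhaustive search finishes within a year"
    else:
        verdict = "acceptable at the assumed guess rate"
    return {
        "length": len(password),
        "alphabet": alphabet_size(password),
        "keyspace": space,
        "expected_seconds": full_search_seconds / 2,  # average case: half the space
        "full_search_years": full_search_seconds / SECONDS_PER_YEAR,
        "in_dictionary": in_dictionary,
        "verdict": verdict,
    }


if __name__ == "__main__":
    # Constructed sample passwords, weakest to strongest.
    for pw in ("dragon", "abc123", "Xk7!pq2Z", "blue kettle rides 9 moons"):
        r = assess(pw)
        print(f"{pw!r}: alphabet={r['alphabet']} keyspace={r['keyspace']:.3g} "
              f"full-search years={r['full_search_years']:.3g} -> {r['verdict']}")
```

Replace `DEFAULT_GUESSES_PER_SECOND` with a rate measured for the attack in question before relying on the verdicts; the structure of the estimate (alphabet to the power of length, halved for the average case) stays the same whatever the rate.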

Reference: T2 Mac security vulnerability means passwords can now be cracked

Safari bug leaks user information, allowing user tracking

Safari 15 leaks IndexedDB information to other sites that are open in other tabs or were recently opened.

Sites cannot read the contents of another site's IndexedDB; however, the names of the databases are visible to all sites. Google keeps the user ID as part of a database name, which allows cross-site tracking.

Use alternate browsers until a fix is released

Even Private Mode is vulnerable, and no workarounds are available at this time.
Alternate browsers on iOS are also vulnerable, and Private Mode there does not fully protect against tracking.

Users should use alternate browsers on macOS and wait for Apple's fix.

Live demo: Safari Leaks

Microsoft discovered flaw in macOS, it was fixed in 12.1

Microsoft found a vulnerability in macOS that it calls "Powerdir". The vulnerability was addressed in macOS Monterey 12.1.

According to Microsoft, the "Powerdir" security flaw could allow a fake TCC database to be planted. TCC is a long-running macOS function that lets users configure the privacy settings of their apps, and with the fake database, a malicious person could hijack an app installed on a Mac or install their own malicious app, accessing the microphone and camera to obtain sensitive info.

MacRumors

Apple Support: About the security content of macOS Monterey 12.1

Reference: Microsoft Discovered New 'Powerdir' macOS Vulnerability, Fixed in 12.1 Update

HomeKit vulnerability could affect iPhone responsiveness

A security researcher found an issue in HomeKit that can make an iPhone unusable. The issue is triggered by a very long HomeKit device name (more than 500,000 characters).

The issue first affects the Home app; if the device also appears in Control Center, the whole of iOS becomes unresponsive or sluggish.

The issue is still present in the current iOS and iPadOS releases.

Public disclosure: doorLock

Reference: This HomeKit bug could make your iPhone completely unusable; here are the details

[UPDATED] RCE 0-day exploit found in log4j

Log4j is a popular Java logging package used by many backends.

Details of the vulnerability are available here. According to reports, services built on Apache log4j (Steam, iCloud and Minecraft servers among them) are also vulnerable, and solutions using the Struts library are probably vulnerable too.

Affected log4j versions: 2.0 <= Apache log4j <= 2.14.1
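The first defensive step is finding out which deployed log4j versions fall inside the range stated above. The following is an added example, not code from the advisory or from the Log4j project: it parses version strings into comparable tuples, tests them against the 2.0 to 2.14.1 range, and scans a constructed list of jar paths for `log4j-core` artifacts in that range. The file listing is constructed for the example; run the scanner over a real listing (for instance the output of `find / -name 'log4j-core-*.jar'`) to inventory an actual host.

```python
import re

# Range from the note above: 2.0 <= Apache log4j <= 2.14.1 (inclusive on both ends).
AFFECTED_MIN = (2, 0, 0)
AFFECTED_MAX = (2, 14, 1)

# Matches the standard log4j-core jar file name and captures its version.
JAR_NAME = re.compile(r"log4j-core-(\d+\.\d+(?:\.\d+)?)\.jar$")


def parse_version(text: str) -> tuple:
    """Turn '2.14.1' or '2.3' into a (major, minor, patch) tuple.

    A missing patch component counts as 0 so that '2.3' sorts before '2.3.1'.
    """
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version: str) -> bool:
    """True when the version lies inside the affected range stated above."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def scan_jar_names(paths) -> list:
    """Return (path, version) for every log4j-core jar whose version is affected.

    Only log4j-core jars are reported; log4j-api jars and the 1.x line use
    different file names and are not covered by the range quoted above.
    """
    hits = []
    for path in paths:
        m = JAR_NAME.search(path)
        if m and is_affected(m.group(1)):
            hits.append((path, m.group(1)))
    return hits


# Constructed file listing standing in for the output of a real filesystem search.
SAMPLE_LISTING = [
    "/opt/app/lib/log4j-core-2.14.1.jar",      # top of the affected range
    "/opt/app/lib/log4j-api-2.14.1.jar",       # API jar, not the core artifact
    "/opt/old/lib/log4j-core-2.3.jar",         # two-component version, inside the range
    "/srv/legacy/lib/log4j-1.2.17.jar",        # 1.x line, different file name
    "/srv/patched/lib/log4j-core-2.15.0.jar",  # above the range quoted above; check the current advisory for later releases
]

if __name__ == "__main__":
    for path, version in scan_jar_names(SAMPLE_LISTING):
        print(f"AFFECTED {version:>8}  {path}")
```

The scanner keys on file names only; fat jars and shaded bundles hide the dependency, so treat a clean result from this script as a starting point for a fuller inventory rather than proof of absence.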