Safari could be exploited with new iLeakage attack

Safari is affected by a new exploit, iLeakage, which lets a malicious website render an arbitrary web page and extract information from it.

For now, there is a workaround, but it requires enabling Safari's hidden Debug menu on macOS.

Paste the following command into Terminal: defaults write com.apple.Safari IncludeInternalDebugMenu 1

Open Safari, select "Debug" from the menu bar, select "WebKit Internal Features", then scroll down and click "Swap Processes on Cross-Site Window Open".

AppleInsider

Apple is expected to fix this vulnerability in an upcoming software update.

Disclosure: iLeakage

References:

macOS 13 Ventura exploit is revealed 10 months after discovery

An exploit in the macOS App Management subsystem that allows modification of signed applications was reported to Apple 10 months ago but is still not resolved. Apple did fix other exploits in the meantime, though.

Johnson says the overwriting of the file completely bypasses App Management in macOS 13.5.1. "The straightforwardness and ease of the bypass is truly stunning."

AppleInsider

Apple has not commented so far.

Jeff Johnson: macOS 0day: App Management

Reference: macOS Ventura App Management exploit revealed 10 months after discovery

Bugs in macOS make some apps invisible

Background Task Manager is one of the malware prevention mechanisms in macOS. It watches for apps that ask to run code in the background and shows the user an alert to approve that action.

Bugs in Background Task Manager allow malicious apps to prevent this alert from being displayed. Apple has been notified of the issue.

References:

Intel Macs are also vulnerable to Downfall and Inception vulnerabilities

The recently discovered Downfall and Inception vulnerabilities in Intel and AMD processors also affect Mac computers built with Intel CPUs.

These vulnerabilities could leak encryption keys to unprivileged code. There are no known exploits using them at the time of writing.

AMD and Intel have both already released OS-level microcode software updates to address both issues. Both companies have also said that they're not aware of any active in-the-wild exploits of either vulnerability. Consumer, workstation, and server CPUs are all affected, making patching particularly important for server administrators.

Ars Technica

CVE: CVE-2022-40982

Ars Technica: “Downfall” bug affects years of Intel CPUs, can leak encryption keys and more

References:

Developer used iOS 16 exploit to change system font without jailbreak

The exploit, which was fixed in iOS 16.2, gave a developer a way to change the system font on an iPhone without a jailbreak.

Zhuowei Zhang shared the story behind his proof-of-concept app; the app's source code is available on GitHub.

Apple Support: About the security content of iOS 16.2 and iPadOS 16.2

GitHub: WDBFontOverwrite

Reference: Developer uses iOS 16 exploit to change system font without jailbreak

Absolutely CRITICAL vulnerability in OpenSSL (versions 3.x only)

The vulnerability is serious enough that the OpenSSL team decided to pre-announce it together with the upcoming patch:

https://twitter.com/iamamoose/status/1584908434855628800

Full details of the vulnerability (and probably an exploit …) will be published on November 1st. As the announcement shows, only the OpenSSL 3.x line is affected.

It is also worth noting that the OpenSSL team reserves the 'Critical' severity for truly serious cases. Since severity ratings were introduced (end of 2014), this label has been used only once before.

More:

https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
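Until the fix ships, the practical question for an administrator is which hosts carry a build in the affected line. The following POSIX shell helper is an added example (not code from the OpenSSL project) that classifies an `openssl version` string; it assumes, per the linked announcement, that the fix arrives in 3.0.7, so it treats 3.0.0 through 3.0.6 as affected and any 1.x build as outside the affected line.

```shell
#!/bin/sh
# Added triage helper, not part of the OpenSSL project.
# Assumption: the fix is released as 3.0.7 (per the openssl-announce message),
# so 3.0.0 .. 3.0.6 are treated as affected; 1.x and 3.0.7+ are not.

# Usage: openssl_affected "<output of: openssl version>"
# Exit status 0 = affected (3.0.0 .. 3.0.6), 1 = not affected or unparseable.
openssl_affected() {
    # The second whitespace-separated field is the version, e.g. "3.0.5" or "1.1.1q".
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    # Drop any non-numeric suffix such as "-dev" or the letter in "1.1.1q".
    patch=$(printf '%s' "$patch" | sed 's/[^0-9].*$//')

    [ "$major" = "3" ] || return 1
    [ "$minor" = "0" ] || return 1
    case "$patch" in
        ''|*[!0-9]*) return 1 ;;   # no usable patch number
    esac
    if [ "$patch" -lt 7 ]; then
        return 0
    fi
    return 1
}

# Report on the locally installed build; exit status mirrors openssl_affected.
openssl_report() {
    if ! command -v openssl >/dev/null 2>&1; then
        echo "openssl not found in PATH"
        return 1
    fi
    v=$(openssl version)
    if openssl_affected "$v"; then
        echo "AFFECTED: $v (3.0.x below 3.0.7; plan to upgrade when 3.0.7 ships)"
        return 0
    fi
    echo "not in the affected line: $v"
    return 1
}
```

Run `openssl_report` on each host (or feed captured `openssl version` output to `openssl_affected`) to build the list of systems that need the November 1st update; note that statically linked applications and bundled copies of libcrypto will not show up in a check of the system `openssl` binary alone.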