Multiple Trend Micro Deep Discovery Inspector Vulnerabilities

September 19, 2024

Snake Keylogger Malware – Active IOCs

September 20, 2024

Multiple Apple visionOS Vulnerabilities

September 19, 2024

Severity

Medium

Analysis Summary

CVE-2024-44167 CVSS:5.5

Apple visionOS could allow a local attacker to overwrite arbitrary files, caused by an error in the Notes component. By using a specially crafted application, a local attacker could exploit his vulnerability to overwrite arbitrary files on the system.

CVE-2024-40825 CVSS:4.2

Apple visionOS could allow a local authenticated attacker to bypass security restrictions, caused by an issue in the APFS component. By using a specially crafted application, an attacker could exploit this vulnerability to modify the contents of system files.

CVE-2024-44165 CVSS:5.5

Apple visionOS could allow a local attacker to obtain sensitive information, caused by a logic error in the Kernel component. By using a specially crafted application, a local attacker could exploit his vulnerability to obtain network traffic that was leaked outside the VPN tunnel.

CVE-2024-27876 CVSS:5.5

Apple visionOS could allow a local attacker to bypass security restrictions, caused by a race condition issue in the Compression component. By unpacking a specially crafted archive, an attacker could exploit this vulnerability to write arbitrary files on the system.

CVE-2024-40790 CVSS:5.5

Apple visionOS could allow a local attacker to obtain sensitive information, caused by an error in the Presence component. By using a specially crafted application, a local attacker could exploit his vulnerability to read sensitive data from the GPU memory.

CVE-2024-40865 CVSS:4

Apple visionOS could allow a local attacker to obtain sensitive information, caused by an error in the Presence component. A local attacker could exploit his vulnerability to infer inputs to the virtual keyboard.

Impact

Gain Access
Information Disclosure
Security Bypass

Indicators of Compromise

CVE

CVE-2024-44167
CVE-2024-40825
CVE-2024-44165
CVE-2024-27876
CVE-2024-40790
CVE-2024-40865

Affected Vendors

Apple

Affected Products

Apple visionOS
Apple visionOS 1.2

Remediation

Refer to Apple security document for patch, upgrade or suggested workaround information.

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

iOS Activation Bug Allows Unauthenticated XML Injection

Critical Threat: Gunra Ransomware Targets Critical Sectors Worldwide – Active IOCs

Lyrix Ransomware – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us