diff --git a/security/2024-05-21-security-advisory-2024-0003.md b/security/2024-05-21-security-advisory-2024-0003.md new file mode 100644 index 000000000..968186e77 --- /dev/null +++ b/security/2024-05-21-security-advisory-2024-0003.md @@ -0,0 +1,30 @@ +--- +layout: post +title: WebKitGTK and WPE WebKit Security Advisory WSA-2024-0003 +permalink: /security/WSA-2024-0003.html +tags: WSA +--- + +* Date Reported: **May 21, 2024** + +* Advisory ID: **WSA-2024-0003** + +* CVE identifiers: [CVE-2024-27834](#CVE-2024-27834) + + +Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. + +* CVE-2024-27834 + * Versions affected: WebKitGTK and WPE WebKit before 2.44.2. + * Credit to Manfred Paul working with Trend Micro's Zero Day Initiative. + * Impact: An attacker with arbitrary read and write capability may be able to bypass + Pointer Authentication. Description: The issue was addressed with improved checks. + * WebKit Bugzilla: 272750 + +We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the +best way to ensure that you are running safe versions of WebKit. Please check our websites +for information about the latest stable releases. + +Further information about WebKitGTK and WPE WebKit security advisories can be found at: +[webkitgtk.org/security.html](https://webkitgtk.org/security.html) or +[wpewebkit.org/security](https://wpewebkit.org/security).