From cff2fa7b679f22cd73922878d64890e9bbd7c8fb Mon Sep 17 00:00:00 2001 From: Joseph Goydish II Date: Thu, 2 Oct 2025 17:54:40 -0400 Subject: [PATCH] Add files via upload Confirmation email via VINCE reporting portal --- ...erterService 2025-01-23T10_12_31-05_00.eml | 110 ++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100644 25-01-MPVDT (Updated) [gen-41698] [VRF#25-01-MPVDT] Apple iOS in AudioConverterService 2025-01-23T10_12_31-05_00.eml diff --git a/25-01-MPVDT (Updated) [gen-41698] [VRF#25-01-MPVDT] Apple iOS in AudioConverterService 2025-01-23T10_12_31-05_00.eml b/25-01-MPVDT (Updated) [gen-41698] [VRF#25-01-MPVDT] Apple iOS in AudioConverterService 2025-01-23T10_12_31-05_00.eml new file mode 100644 index 0000000..b821047 --- /dev/null +++ b/25-01-MPVDT (Updated) [gen-41698] [VRF#25-01-MPVDT] Apple iOS in AudioConverterService 2025-01-23T10_12_31-05_00.eml @@ -0,0 +1,110 @@ +Return-Path: <0100019493b8d641-39fe5e62-4d73-4e61-ba36-c8802bb7d7a7-000000@amazonses.com> +X-Original-To: josephgoyd@proton.me +Delivered-To: josephgoyd@proton.me +Authentication-Results: mail.protonmail.ch; dkim=pass (Good 1024 bit + rsa-sha256 signature) header.d=cert.org header.a=rsa-sha256; dkim=pass + (Good 1024 bit rsa-sha256 signature) header.d=amazonses.com + header.a=rsa-sha256 +Authentication-Results: mail.protonmail.ch; dmarc=pass (p=none dis=none) + header.from=cert.org +Authentication-Results: mail.protonmail.ch; spf=pass smtp.mailfrom=amazonses.com +Authentication-Results: mail.protonmail.ch; arc=none smtp.remote-ip=54.240.8.30 +Authentication-Results: mail.protonmail.ch; dkim=pass (1024-bit key) header.d=cert.org + header.i=@cert.org header.b="TjRQouCJ"; dkim=pass (1024-bit key) header.d=amazonses.com + header.i=@amazonses.com header.b="IQ5Fj+x3" +Received: from a8-30.smtp-out.amazonses.com (a8-30.smtp-out.amazonses.com [54.240.8.30]) + (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) + key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No + client certificate requested) by mailin053.protonmail.ch (Postfix) with ESMTPS id + 4Yf4F046XNz3v for ; Thu, 23 Jan 2025 15:12:36 +0000 (UTC) +Dkim-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; + s=zr2q7qzk2bw3mfxafkttrbx3dstyubyk; d=cert.org; t=1737645151; + h=Content-Type:MIME-Version:Content-Transfer-Encoding:Subject:From:To:Reply-To:Date:Message-ID; + bh=dZXL2b7EVXIuWrmiCNi3s/lBERkb7h4WFWSAweq4IBU=; + b=TjRQouCJKevHpOnJhqdrHwt9TeuWeogPKNMMIGcGWo4/L3mOIFEacB7Gu2yiOlA1 + g5CRDyTsqwOliqNUI9q8ddxRvdAvaApzDuJVkh/IFrgIBFjQs/zPfvK84R+19zqhSfW + 38D/4Y2a0istnaN2MlfrGh4AXtHLy8Qp6lcyP7TA= +Dkim-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; + s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1737645151; + h=Content-Type:MIME-Version:Content-Transfer-Encoding:Subject:From:To:Reply-To:Date:Message-ID:Feedback-ID; + bh=dZXL2b7EVXIuWrmiCNi3s/lBERkb7h4WFWSAweq4IBU=; + b=IQ5Fj+x3Lj0jU9KMeVrro27AIEtn3iGMoM3/G1vvcjj/qzB4zSgjmFP3Sl+1alPn + zvsKTF8QZAVDnPU3EBYrp1rA3f0KcDvGWMxk1hL/67tNL9nTGT9Ny+BRdbnMGDoFb1g + kYRBypjpxoIs1XnIe2nYsAE3v9AnbKoyTE0WuY3Q= +Content-Type: multipart/mixed;boundary=---------------------e13bc5dfa0e7706a401ef48e6cec4c5c +Mime-Version: 1.0 +Content-Transfer-Encoding: 7bit +Subject: 25-01-MPVDT (Updated) [gen-41698] [VRF#25-01-MPVDT] Apple iOS in + AudioConverterService +From: VINCE +To: josephgoyd@proton.me +Reply-To: cert+donotreply@cert.org +Date: Thu, 23 Jan 2025 15:12:31 +0000 +Message-Id: <0100019493b8d641-39fe5e62-4d73-4e61-ba36-c8802bb7d7a7-000000@email.amazonses.com> +X-Vince: auto-notify +Status: 200 +Message_id: 0100019493b539d5-2a0640b0-cca7-4db4-8c2e-3f4932f2844f-000000 +Request_id: 68d6c989-d81c-4c57-8f53-6901e27d7af6 +Feedback-Id: ::1.us-east-1.It3vpLGD8OCn/d2rkkLjTPfaHJfBFSfb3QH4vYKCzbo=:AmazonSES +X-Ses-Outgoing: 2025.01.23-54.240.8.30 +X-Pm-Spam: 0yezJI6cihyJeYR3pi42biOpJJvbmsCIeINmhnVGd3b5JoiIjEVBVQRVFsIyUmIs1NjX + 3l3JbIpj7SBlI0TiQ0yOiiSwNUJFPz8FRFUiIAuOj5TkMOUT1xADMDNzcI2NDsDIOIBlSfR0TFUFJl + DREPElVTIi6iwCMlUiM0xOifCJLZVGifdWdWam5I6byQyJeU9kE7pjImItldlYWh25XbUWioJiO3ch + RtfY2umlZZ9V0l5WdFZw98ydV0DIMMUDxsIyMmIzlltX2yG9cdFGu6ICdCMiwFpbWzF8bcJHfk9WbW + ZiwJtOisWlYdFGnvNmLWbpJVkbmp2ZXbVm0l5WdCZy4I0MDyDIMM5Sj0B3aiIiwFpbWzF8bcJHfvJH + ciY6I4xMC5TkONUTw0EDMzN0MY4MjiiwMbFWpj9FbXYlR9yZ2tV9ebR2l6ICbmIh1xjaWuXQYY92tu + lmYWZfRluZm1XRZbVmkwIjLjMwQIxMjrmNLcQHitJCLWYslNhX2nGVdbJ35h52XWbiUJVOiBERUVVE + TiwiIWbpF9jbFlXRYZ92yw9Vemci9owIj5jkLOYT34kTNTO1EAwMTiSwMc9FztFGcjIwoAwLj2jcMN + cT2zgTOzNyQE1NDiSwOc9FztFGc2XhJUic2ujAOMADy1YzNzN5YM3OD0DINMUT5wJCL3X3NRjaX0F9 + ab91pvJmbCe6I4yMC5jENNYD51YTMDOyAAyMDwCJLXN33jRXaFa099wb1zGlaalGu6IyZCM04A4NDz + jQMOkD03cTNDM2IwiNCzF9cdl20fh2YGdf9Bhc36SIbM4C3zgTMzN0QExMzyzMMNAzzyJCLWdf5Ftb + m6SIZIFmsm1CbWZ0FJldXwy1cd9Vz0l2d2Yig19fXzCJLclmkiojIjN5cVjMjxjYNMZ2lyQDNGZ4Il + jNjiGNMI1n9 +X-Pm-Origin: external +X-Pm-Transfer-Encryption: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) +X-Pm-Content-Encryption: on-delivery +X-Pm-Spamscore: 0 +X-Pm-Spam-Action: inbox + +-----------------------e13bc5dfa0e7706a401ef48e6cec4c5c +Content-Transfer-Encoding: quoted-printable +Content-Type: text/plain;charset=utf-8 + +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +THIS IS AN AUTOMATED EMAIL. +THIS EMAIL IS SENT FROM AN ACCOUNT THAT IS NOT MONITORED. +DO NOT REPLY TO THIS EMAIL, OR WE WILL BE UNABLE TO RESPOND. +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Greetings Joseph, + +Please work with Apple on this vulnerability as well. Ensure to tell them = +when you plan to go public with your findings (we recommend giving vendors= + at least 45 days). In addition to a blog, you could also request a CVE fr= +om MITRE using the following process. + +From this page, https://cve.mitre.org/cve/request_id.html: +1. Locate the correct CVE Numbering Authority (CNA) whose scope includes t= +he product affected by the vulnerability in the Participating CNAs table b= +elow. +2. Contact the CNA specified using the contact method provided. If the pro= +duct affected by the vulnerability is not covered by a CNA listed, please = +contact the appropriate CNA of Last Resort. Their scopes are listed on tha= +t page as well. + +Sincerely, + +The CERT/CC Vulnerability Team + + + + +This e-mail was sent to you as a user of our VINCE service, in accordance = +with our privacy policy. Please advise us if you believe you have received= + this e-mail in error. + +-----------------------e13bc5dfa0e7706a401ef48e6cec4c5c--