About the security content of watchOS 10.5 – Apple Support

October 15, 2024 at 02:21PM Apple’s watchOS 10.5 addresses multiple security vulnerabilities, including memory handling, authentication issues, and input validation. These may allow local attackers to execute arbitrary code, access user data, or cause system shutdown. Updates are available for Apple Watch Series 4 and later to mitigate these risks. Release date: May 13, 2024. … Read more

About the security content of tvOS 17.6 – Apple Support

October 15, 2024 at 01:51PM Apple released a security update for tvOS 17.6 on July 29, 2024, addressing several vulnerabilities (CVE-2024-40774, 40799, 40815, etc.) that could allow apps to bypass privacy settings, cause app terminations, reveal kernel memory layout, or enable cross-site scripting attacks. Update is available for Apple TV HD and 4K models. … Read more

About the security content of watchOS 10.6 – Apple Support

October 15, 2024 at 01:39PM The update for watchOS 10.6, available for Apple Watch Series 4 and later, addresses multiple security vulnerabilities including out-of-bounds access, information disclosure, and permissions issues. These fixes prevent app crashes, unauthorized privacy access, and potential gains in local kernel memory knowledge. Release date is July 29, 2024. … Read more

About the security content of macOS Ventura 13.7 – Apple Support

October 15, 2024 at 01:28PM Apple’s macOS Ventura 13.7 release includes multiple security updates addressing various vulnerabilities. Key issues involve potential leaks of sensitive user data, app access to protected file systems, buffer overflow risks, and improper handling of permissions and privacy data. Updates are available to mitigate these risks. … Read more

About the security content of macOS Sonoma 14.7 – Apple Support

October 13, 2024 at 02:30PM The security update for macOS Sonoma 14.7 addresses several vulnerabilities, including improved permissions and memory handling, reducing risks of unauthorized data access and unexpected app terminations. Key issues include library injection, privacy breaches, and path handling weaknesses. Updates are available to mitigate these risks effectively. … Read more

About the security content of tvOS 18 – Apple Support

October 13, 2024 at 02:30PM A security update for tvOS 18, available for Apple TV HD and 4K models, addresses multiple CVEs, including input validation and integrity issues, which could lead to app termination, denial-of-service, unauthorized Bluetooth access, cross-site scripting, and data exfiltration. Release date is September 16, 2024. … Read more

Multiple Microsoft Apps for macOS Vulnerable to Library Injection Attacks

August 19, 2024 at 05:32PM Microsoft apps for macOS have been found vulnerable to library injection attacks, enabling malicious actions without user interaction. Researchers at Cisco Talos identified that these apps, including Outlook, Teams, PowerPoint, and more, disable library validation, allowing attackers to gain unauthorized access. Despite being alerted, Microsoft has categorized the issue as … Read more

SaaS Apps Present an Abbreviated Kill Chain for Attackers

August 8, 2024 at 09:06AM Security researchers at Black Hat USA 2024 highlighted the evolving threat landscape for organizations due to the expanded use of SaaS applications. They revealed that attackers are leveraging valid credentials to breach SaaS environments, bypassing traditional cyber kill chain steps. It’s crucial for security teams to reassess defenses and implement … Read more

New Mandrake Spyware Found in Google Play Store Apps After Two Years

July 30, 2024 at 10:04AM A new version of the sophisticated Android spyware Mandrake has been discovered in five apps on Google Play Store, remaining undetected for two years. The malware includes obfuscation and evasion techniques and can collect device information, initiate screen sharing, and steal credentials. Researchers emphasize the evolving threat and Google’s continuous … Read more

Apple CocoaPods Bugs Expose Millions of Apps to Code Injection

July 1, 2024 at 10:23AM A popular dependency manager for Apple apps, CocoaPods, has been exposed to serious vulnerabilities for years. This poses a significant risk to the security of over three million apps, including major ones like Instagram and Uber. The platform’s flaws, discovered by E.V.A Information Security, include critical remote code execution opportunities … Read more