About the security content of visionOS 1.0.2 – Apple Support

January 31, 2024 at 01:34PM Summary: Apple released an update on January 31, 2024, addressing CVE-2024-23222, a type confusion issue in WebKit. The update includes improved checks to prevent arbitrary code execution from malicious web content. Apple is investigating reports of potential exploitation and has made the update available for Apple Vision Pro. Based on …

About the security content of iOS 17.3 and iPadOS 17.3 – Apple Support

January 22, 2024 at 01:42PM Summary: Multiple CVEs are addressed, including memory handling, timing side-channel issues, redaction of sensitive information, and improved handling of files. Updates are available for various products, such as Apple Neural Engine, CoreCrypto, Kernel, Mail Search, NSSpellChecker, etc., impacting devices like iPhone XS and later, iPad Pro, and more. From the …

About the security content of Safari 17.2 – Apple Support

December 11, 2023 at 04:21PM Summary: Apple has released updates for macOS Monterey and macOS Ventura to address security vulnerabilities in WebKit. The vulnerabilities could lead to arbitrary code execution when processing web content (CVE-2023-42890) and denial-of-service when processing an image (CVE-2023-42883). The issues were resolved with improved memory handling. Based on the meeting notes, …

About the security content of iOS 16.7.3 and iPadOS 16.7.3 – Apple Support

December 11, 2023 at 01:45PM Several security vulnerabilities have been addressed in Apple’s products, including issues with sensitive data redaction, memory handling, and potential code execution. Demonstrating a wide-reaching impact, vulnerabilities affect various products such as Accounts, AVEVideoEncoder, Find My, ImageIO, Kernel, and WebKit for specific Apple devices. Updates are available for relevant device models. …

About the security content of macOS Sonoma 14.2 – Apple Support

December 11, 2023 at 01:45PM Summary: Various CVEs were addressed with updates for macOS Sonoma, addressing issues such as secure text field display, privacy issues, memory corruption, logic issues, and improved memory handling. Impact includes app termination, arbitrary code execution, sensitive data access, and denial-of-service. Affected products include Accessibility, Accounts, AppleGraphicsControl, and others. From the …

About the security content of macOS Ventura 13.6.3 – Apple Support

December 11, 2023 at 01:45PM Summary: Apple has addressed various security issues with improved redaction, memory handling, and logic checks in macOS Ventura. The updates aim to prevent unauthorized access to sensitive user data across products like Accounts, AppleEvents, CoreServices, and more. Additionally, upgrades for specific applications like Vim and ncurses are available to mitigate …

About the security content of watchOS 10.2 – Apple Support

December 11, 2023 at 01:45PM Several privacy and security issues were addressed in the release of Apple’s software update, including improved data redaction, memory handling, and input validation. These updates apply to various products and address potential impacts such as unauthorized access to sensitive data, arbitrary code execution, and denial-of-service. Update is available for Apple …

Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover

November 2, 2023 at 05:30AM Researchers have discovered that up to 34 different Windows drivers could be exploited by threat actors without privileged access to gain control of devices and execute arbitrary code. Exploiting these drivers could allow attackers to erase or alter firmware and elevate privileges. The vulnerabilities have been identified in drivers including …

Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution

November 1, 2023 at 08:49AM Threat actors are continuously publishing malicious NuGet packages as part of an ongoing campaign, exploiting code execution capabilities. The campaign, which began in August, has seen hundreds of malicious packages placed in the NuGet repository. The threat actors adapt their tactics, utilizing typosquatting and placing malicious functionality in .targets files …

Apple drops urgent patch against obtuse TriangleDB iPhone malware

October 26, 2023 at 05:22PM Apple released a security update to fix a vulnerability, tracked as CVE-2023-32434, that has already been exploited by cyber snoops. This flaw allowed the execution of arbitrary code with kernel privileges. It is the second patch issued by Apple to address this vulnerability. Kaspersky researchers discovered the bug and reported …