About the security content of watchOS 10.2 – Apple Support

December 11, 2023 at 01:45PM Several privacy and security issues were addressed in the release of Apple’s software update, including improved data redaction, memory handling, and input validation. These updates apply to various products and address potential impacts such as unauthorized access to sensitive data, arbitrary code execution, and denial-of-service. Update is available for Apple …

About the security content of GarageBand 10.4.9 – Apple Support

December 8, 2023 at 12:33PM Summary: Apple ID HT214042, released on 2023-11-06, addresses CVE-2023-42867 by improving process entitlement and Team ID validation. The issue could allow an app to gain root privileges in GarageBand. Updates are available for macOS Ventura and macOS Sonoma. Based on the meeting notes: Issue: CVE-2023-42867 Description: Improved validation of process …

Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks

December 6, 2023 at 12:42AM Qualcomm disclosed details on three high-severity security flaws with CVSS scores ranging from 7.8 to 8.4, known to be exploited in targeted attacks. These vulnerabilities, reported by researchers at Google and others, are now in CISA’s KEV catalog, with federal agencies instructed to patch by December 26. Additionally, Android’s …

Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks

December 1, 2023 at 04:33PM Apple has released critical updates for iOS, iPadOS, macOS, and Safari to fix two serious security vulnerabilities (CVE-2023-42916 & CVE-2023-42917) potentially exploited in targeted attacks. The flaws, identified by Google’s Clément Lecigne, affect a wide range of Apple devices and could allow data access and code execution. Concurrently, Google patched …

Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices

December 1, 2023 at 01:54AM Zyxel released patches for 15 security issues affecting NAS, firewall, and AP devices. This includes three critical vulnerabilities that could allow unauthenticated command execution. High-severity flaws enabling system information access and arbitrary command execution were also patched. Users are urged to update their devices to prevent exploitation. Meeting Takeaways: 1. …

About the security content of iOS 17.1.2 and iPadOS 17.1.2 – Apple Support

November 30, 2023 at 01:42PM Apple addressed two WebKit vulnerabilities (CVE-2023-42916 and CVE-2023-42917) that potentially leaked information and allowed code execution on older iOS versions. Updates for iPhones starting from XS and various iPad models are available to mitigate these issues. Reported exploitation exists against iOS versions before 16.7.1. Meeting Takeaways: 1. Apple has addressed …