January 25, 2024 at 06:48AM Mozilla announced security updates for Firefox and Thunderbird to patch 15 vulnerabilities, including five high-severity flaws. The first flaw could allow memory corruption and potential denial of service or execution of arbitrary code. Other issues include failure to update user input timestamp, unchecked return value in TLS handshake code, and … Read more
January 22, 2024 at 01:42PM Summary: Apple has released updates addressing multiple security vulnerabilities impacting products such as Apple Neural Engine, CoreCrypto, Kernel, NSSpellChecker, TCC, Time Zone, and WebKit. These vulnerabilities could potentially lead to arbitrary code execution, unauthorized access to sensitive data, and other security risks. From the provided meeting notes, it is clear … Read more
January 22, 2024 at 01:42PM Summary: Multiple CVEs are addressed, including memory handling, timing side-channel issues, redaction of sensitive information, and improved handling of files. Updates are available for various products, such as Apple Neural Engine, CoreCrypto, Kernel, Mail Search, NSSpellChecker, etc., impacting devices like iPhone XS and later, iPad Pro, and more. From the … Read more
January 11, 2024 at 09:07AM A session management issue (CVE-2024-0230) impacting Bluetooth accessories was addressed with improved checks. The update, released on January 9, 2024, mitigates the risk of attackers extracting Bluetooth pairing keys and monitoring traffic. Affected products include various Magic Keyboards, with an available update to address the issue. Based on the meeting … Read more
January 10, 2024 at 01:06AM In January 2024, Microsoft addressed 48 security flaws in its software, with 2 rated Critical and 46 Important. No evidence indicates active attacks, marking the second consecutive Patch Tuesday with no zero-days. This includes fixes for vulnerabilities in the Chromium-based Edge browser. Other vendors have also released security updates to … Read more