March 25, 2024 at 01:54PM Summary: Apple released an update on March 25, 2024, addressing CVE-2024-1580, an out-of-bounds write issue impacting CoreMedia and WebRTC on macOS Ventura. The update improves input validation to mitigate the risk of arbitrary code execution when processing images. It appears that there are two security vulnerabilities, both tied to CVE-2024-1580. … Read more
March 12, 2024 at 06:13PM Microsoft’s March Patch Tuesday update addresses 60 unique CVEs, with only two rated as “critical”. Both affect Windows Hyper-V: CVE-2024-21407, a remote code execution (RCE) bug, and CVE-2024-21408, a denial-of-service (DoS) vulnerability. The update also includes fixes for 18 RCE and two dozen elevation-of-privilege vulnerabilities, requiring immediate attention. Notably, this … Read more
March 7, 2024 at 01:51PM The following security issues have been addressed in the macOS Sonoma update: privacy concerns, privilege elevation, arbitrary code execution, denial-of-service vulnerabilities, and access to sensitive data. Multiple products, including Accessibility, Bluetooth, CoreBluetooth – LE, Photos, Safari, Siri, WebKit, among others, have been updated. Users are urged to install the update … Read more
March 7, 2024 at 01:51PM Summary: Apple TV HD and Apple TV 4K have updates available to address numerous security vulnerabilities. The issues include privacy, elevation of privileges, access restrictions, memory handling, and logic issues. Affected products range from accessibility notifications to web content, with potential impacts on user data, system integrity, and elevated code … Read more
March 6, 2024 at 08:31AM Google released security updates for Android, addressing 38 vulnerabilities including 2 critical flaws in the System component impacting Android 12, 12L, 13, and 14. The flaws could result in remote code execution and elevation of privilege. Devices can be protected by installing the March 2024 security update. Other components like … Read more
February 7, 2024 at 01:30PM Cisco has addressed critical vulnerabilities in its Expressway Series gateways through patches, mitigating the risk of cross-site request forgery (CSRF) attacks. These security flaws could allow attackers to remotely target and manipulate vulnerable systems. Expressway Series devices with default configurations are impacted by the vulnerabilities, prompting the need for migration … Read more
February 6, 2024 at 03:09PM Two critical command injection vulnerabilities (CVE-2024-23108 and CVE-2024-23109) in Fortinet’s FortiSIEM product have provisional CVSS scores of 10. These flaws impact multiple versions of FortiSIEM, potentially allowing threat actors to execute unauthorized code. The link provided by Fortinet leads to a write-up on a prior vulnerability, hinting at a potential … Read more
January 31, 2024 at 03:40PM Multiple security vulnerabilities in the runC command line tool have been disclosed, known as Leaky Vessels. These vulnerabilities could allow threat actors to escape container boundaries and launch further attacks, potentially accessing sensitive data and superuser privileges. The flaws have been addressed in runC version 1.1.12, and users are advised … Read more
January 31, 2024 at 01:34PM Summary: Apple released an update on January 31, 2024, addressing CVE-2024-23222, a type confusion issue in WebKit. The update includes improved checks to prevent arbitrary code execution from malicious web content. Apple is investigating reports of potential exploitation and has made the update available for Apple Vision Pro. Based on … Read more
January 25, 2024 at 06:48AM Mozilla announced security updates for Firefox and Thunderbird to patch 15 vulnerabilities, including five high-severity flaws. The first flaw could allow memory corruption and potential denial of service or execution of arbitrary code. Other issues include failure to update user input timestamp, unchecked return value in TLS handshake code, and … Read more