November 4, 2024 at 06:21AM Google identified a zero-day vulnerability in SQLite using its AI framework, Big Sleep. This marks the first real-world vulnerability discovered by an AI agent. The flaw, a stack buffer underflow, has been addressed. Google emphasizes the potential of AI in finding vulnerabilities pre-release, but notes results are still experimental. ### … Read more
October 8, 2024 at 12:42AM Qualcomm has released security updates addressing around 20 vulnerabilities in proprietary and open-source components. Among them, CVE-2024-43047 is a high-severity user-after-free bug in the DSP Service, under active exploitation. CVE-2024-33066, a critical flaw in WLAN Resource Manager, has also been patched. The updates aim to mitigate potential targeted exploitation and … Read more
October 7, 2024 at 02:35PM Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service, caused by a use-after-free weakness. The vulnerability, reported by Google Project Zero and Amnesty International Security Lab, has been exploited in targeted attacks. Qualcomm urges immediate update deployment and has also fixed another severe … Read more
March 26, 2024 at 08:48AM Apple has issued security updates for iOS and macOS to fix an arbitrary code execution vulnerability affecting CoreMedia and WebRTC components. This issue, also impacting the dav1d AV1 decoder, can lead to memory corruption and arbitrary code execution. The company credited Google Project Zero researcher Nick Galloway for reporting the … Read more