Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw

May 7, 2024 at 01:13PM

Nearly 52,000 vulnerable Tinyproxy instances are exposed to CVE-2023-49606, a critical remote code execution flaw. Cisco Talos disclosed the use-after-free vulnerability in December 2023, affecting versions 1.11.1 and 1.10.0. After receiving no response from developers, Cisco reported detailed information and proof-of-concept exploits. On Sunday, Tinyproxy released a fix to prevent exploitation, …

About the security content of GarageBand 10.4.11 – Apple Support

March 12, 2024 at 02:21PM

Summary: Apple ID HT214090 addresses CVE-2024-23300, a use-after-free issue in GarageBand. The release on 2024-03-12 includes improved memory management to mitigate potential impact. Users of macOS Ventura and macOS Sonoma are advised to install the update to prevent unexpected app termination or arbitrary code execution when processing malicious files. Based …

About the security content of Safari 17.1 – Apple Support

October 25, 2023 at 02:36PM

Summary: Apple has addressed several security vulnerabilities in the WebKit software. These issues could potentially lead to arbitrary code execution or denial-of-service attacks when processing web content. Updates are available for macOS Monterey and macOS Ventura. Here are the key takeaways from the meeting notes: 1. Apple has released an …