Microsoft confirms memory leak in March Windows Server security update

March 24, 2024 at 09:24PM Microsoft admitted to a memory leak issue in its March patches causing Windows domain controller crashes. A fix has been issued. Atlassian revealed a SQL injection bug and other critical vulnerabilities. A new, more dangerous variant of the AcidRain wiper malware has been identified. Negligent employees are the main cause …

Apple Stingy With Details About Latest iOS Update

March 22, 2024 at 02:47PM Apple has released a security update for iOS 17.4, soon after its initial launch. However, the company has not provided details regarding specific vulnerabilities (CVEs) or information about the fixes in this update. Based on the meeting notes, it seems that the security update released by Apple shortly after iOS …

Chrome 123, Firefox 124 Patch Serious Vulnerabilities

March 20, 2024 at 08:57AM Google and Mozilla released web browser security updates addressing dozens of vulnerabilities, including critical and high-severity flaws. Chrome 123 fixes 12 bugs, one high-severity. The update also resolves medium and low-severity vulnerabilities. Google paid $22,000 in bug bounty rewards and released Chrome version 123.0.6312.58 for Linux and versions 123.0.6312.58/.59 for …

About the security content of macOS Sonoma 14.4 – Apple Support

March 7, 2024 at 01:51PM The following security issues have been addressed in the macOS Sonoma update: privacy concerns, privilege elevation, arbitrary code execution, denial-of-service vulnerabilities, and access to sensitive data. Multiple products, including Accessibility, Bluetooth, CoreBluetooth – LE, Photos, Safari, Siri, WebKit, among others, have been updated. Users are urged to install the update …

About the security content of tvOS 17.4 – Apple Support

March 7, 2024 at 01:51PM Summary: Apple TV HD and Apple TV 4K have updates available to address numerous security vulnerabilities. The issues include privacy, elevation of privileges, access restrictions, memory handling, and logic issues. Affected products range from accessibility notifications to web content, with potential impacts on user data, system integrity, and elevated code …

About the security content of watchOS 10.4 – Apple Support

March 7, 2024 at 01:51PM Apple released a security update to address multiple vulnerabilities in various products, including CoreBluetooth, ImageIO, Kernel, libxpc, MediaRemote, Messages, RTKit, Sandbox, Share Sheet, Siri, UIKit, WebKit. The update is available for Apple Watch Series 4 and later. These vulnerabilities may allow various exploits, including access to sensitive user data and …

Android’s March 2024 Update Patches Critical Vulnerabilities

March 6, 2024 at 08:31AM Google released security updates for Android, addressing 38 vulnerabilities including 2 critical flaws in the System component impacting Android 12, 12L, 13, and 14. The flaws could result in remote code execution and elevation of privilege. Devices can be protected by installing the March 2024 security update. Other components like …

About the security content of iOS 16.7.6 and iPadOS 16.7.6 – Apple Support

March 5, 2024 at 04:39PM Summary: Apple released an update on 2024-03-05 addressing a memory corruption issue (CVE-2024-23225) in the kernel, which could enable an attacker to bypass kernel memory protections. The affected products include iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation. The …

Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

February 12, 2024 at 11:32AM Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti products to deploy the DSLog backdoor, allowing remote command execution. The vulnerability, known as CVE-2024-21893, affects SAML components and enables bypassing authentication. Successful attacks have been reported, prompting the release of security updates to mitigate the risk. Key takeaways …

About the security content of visionOS 1.0.2 – Apple Support

January 31, 2024 at 01:34PM Summary: Apple released an update on January 31, 2024, addressing CVE-2024-23222, a type confusion issue in WebKit. The update includes improved checks to prevent arbitrary code execution from malicious web content. Apple is investigating reports of potential exploitation and has made the update available for Apple Vision Pro. Based on …