Discord Introduces DAVE Protocol for End-to-End Encryption in Audio and Video Calls

September 23, 2024 at 06:49AM

Discord has introduced a new end-to-end encryption protocol, DAVE, to secure audio and video calls in DMs, Group DMs, and voice channels. However, it’s important to note that messages on Discord will remain unencrypted and subject to content moderation. DAVE uses publicly auditable encryption methods, ensuring secure communication while prioritizing …

About the security content of macOS Ventura 13.6.6 – Apple Support

March 25, 2024 at 01:54PM

Summary: Apple released an update on March 25, 2024, addressing CVE-2024-1580, an out-of-bounds write issue impacting CoreMedia and WebRTC on macOS Ventura. The update improves input validation to mitigate the risk of arbitrary code execution when processing images. It appears that there are two security vulnerabilities, both tied to CVE-2024-1580. …

About the security content of visionOS 1.1.1 – Apple Support

March 25, 2024 at 01:54PM

Summary: Apple released a security update on March 21, 2024 (Apple Id: HT214093) addressing CVE-2024-1580. The update improves input validation to resolve an out-of-bounds write issue that could lead to arbitrary code execution when processing images in CoreMedia and WebRTC. Update available for: Apple Vision Pro. Based on the meeting …

About the security content of iOS 17.4.1 and iPadOS 17.4.1 – Apple Support

March 25, 2024 at 01:54PM

Summary: Apple released an update addressing an out-of-bounds write issue (CVE-2024-1580) impacting CoreMedia and WebRTC. The update is available for multiple devices including iPhone XS, iPad Pro, iPad Air, and iPad mini. The issue, related to processing images, could lead to arbitrary code execution if not addressed. Based on the …

CISA warns of actively exploited bugs in Chrome and Excel parsing library

January 3, 2024 at 07:58AM

The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to its Known Exploited Vulnerabilities catalog. The first vulnerability, CVE-2023-7101, affects the Spreadsheet::ParseExcel library, allowing remote code execution. The second vulnerability, CVE-2023-7024, is a heap buffer overflow issue in WebRTC in Google Chrome. Federal agencies have until January 23 …

Google Releases Eighth Zero-Day Patch of 2023 for Chrome

December 22, 2023 at 01:12PM

Google has released an urgent update to address a critical vulnerability in Chrome, identified as CVE-2023-7024. This heap buffer overflow flaw in Chrome’s WebRTC module allows remote code execution. While the threat is significant, Chrome’s sandbox and site isolation features provide some protection. The bug also extends to Microsoft Edge, …

Google Rushes to Patch Eighth Chrome Zero-Day This Year

December 21, 2023 at 05:51AM

Google released emergency patches for the eighth zero-day vulnerability in Chrome this year. Tracked as CVE-2023-7024, it is a high-severity heap buffer overflow bug in the WebRTC component. The exploit is actively used and was reported by Google’s Threat Analysis Group. The latest Chrome version is 120.0.6099.129 for macOS and …

Google fixes 8th Chrome zero-day exploited in attacks this year

December 20, 2023 at 04:44PM

Google has released emergency updates to address the eighth Chrome zero-day vulnerability of the year, CVE-2023-7024, which was exploited in targeted attacks. The bug, discovered by Google’s Threat Analysis Group, affects the open-source WebRTC framework and poses a high-severity risk due to a heap buffer overflow weakness. Google aims to …