A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the Pall Mall Process, aims to tackle the proliferation and irresponsible use of commercial cyber intrusion tools by

Hello everyone! It has been 3 months since the last episode. I spent most of this time improving my Vulristics project. So in this episode, let’s take a look at what’s been done. Alternative video link (for Russia): https://vk.com/video-149273431_456239139 Also, let’s take a look at the Microsoft Patch Tuesdays vulnerabilities, Linux Patch Wednesdays vulnerabilities and […]

Cyber insurance premiums are expected to rise this year after leveling out in 2023.

Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild. The issue, tracked as CVE-2024-23222, is a type confusion bug that could be exploited by a threat actor to achieve arbitrary code execution when processing maliciously crafted web content. The tech giant said the problem

Apple Security Advisory 12-11-2023-3 - iOS 16.7.3 and iPadOS 16.7.3 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 11-30-2023-3 - macOS Sonoma 14.1.2 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 11-30-2023-3 - macOS Sonoma 14.1.2 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 11-30-2023-2 - iOS 17.1.2 and iPadOS 17.1.2 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 11-30-2023-2 - iOS 17.1.2 and iPadOS 17.1.2 addresses code execution and out of bounds read vulnerabilities.

Debian Linux Security Advisory 5575-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine.

Debian Linux Security Advisory 5575-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine.

Ubuntu Security Notice 6545-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice 6545-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Red Hat Security Advisory 2023-7716-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-7715-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices. This includes updates for 12 security vulnerabilities in iOS and iPadOS spanning AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari

When searching for holiday gifts online, make sure you’re buying from a trusted vendor, or if you haven’t heard of the vendor before, take a few extra minutes just to look them up and read their app’s privacy policy.

When searching for holiday gifts online, make sure you’re buying from a trusted vendor, or if you haven’t heard of the vendor before, take a few extra minutes just to look them up and read their app’s privacy policy.

Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software. The vulnerabilities, both of which reside in the WebKit web browser engine, are described below - CVE-2023-42916 - An out-of-bounds read issue that could be exploited to

Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software. The vulnerabilities, both of which reside in the WebKit web browser engine, are described below - CVE-2023-42916 - An out-of-bounds read issue that could be exploited to

By Waqas Immediate Action Required: Update Your Apple Devices, Including iPads, MacBooks, and iPhones, NOW! This is a post from HackRead.com Read the original post: Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities

By Waqas Immediate Action Required: Update Your Apple Devices, Including iPads, MacBooks, and iPhones, NOW! This is a post from HackRead.com Read the original post: Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

Ubuntu Security Notice 6289-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice 6289-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice 6289-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice 6289-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice 6289-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice 6289-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice 6289-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice 6289-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice 6289-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Debian Linux Security Advisory 5468-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. YeongHyeon Choi discovered that processing web content may disclose sensitive information. Narendra Bhati discovered that a website may be able to bypass the Same Origin Policy. Narendra Bhati, Valentino Dalla Valle, Pedro Bernardo, Marco Squarcina, and Lorenzo Veronese discovered that processing web content may lead to arbitrary code execution. Various other issues were also addressed.

Debian Linux Security Advisory 5468-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. YeongHyeon Choi discovered that processing web content may disclose sensitive information. Narendra Bhati discovered that a website may be able to bypass the Same Origin Policy. Narendra Bhati, Valentino Dalla Valle, Pedro Bernardo, Marco Squarcina, and Lorenzo Veronese discovered that processing web content may lead to arbitrary code execution. Various other issues were also addressed.

Debian Linux Security Advisory 5468-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. YeongHyeon Choi discovered that processing web content may disclose sensitive information. Narendra Bhati discovered that a website may be able to bypass the Same Origin Policy. Narendra Bhati, Valentino Dalla Valle, Pedro Bernardo, Marco Squarcina, and Lorenzo Veronese discovered that processing web content may lead to arbitrary code execution. Various other issues were also addressed.

Debian Linux Security Advisory 5468-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. YeongHyeon Choi discovered that processing web content may disclose sensitive information. Narendra Bhati discovered that a website may be able to bypass the Same Origin Policy. Narendra Bhati, Valentino Dalla Valle, Pedro Bernardo, Marco Squarcina, and Lorenzo Veronese discovered that processing web content may lead to arbitrary code execution. Various other issues were also addressed.

Debian Linux Security Advisory 5468-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. YeongHyeon Choi discovered that processing web content may disclose sensitive information. Narendra Bhati discovered that a website may be able to bypass the Same Origin Policy. Narendra Bhati, Valentino Dalla Valle, Pedro Bernardo, Marco Squarcina, and Lorenzo Veronese discovered that processing web content may lead to arbitrary code execution. Various other issues were also addressed.

Debian Linux Security Advisory 5468-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. YeongHyeon Choi discovered that processing web content may disclose sensitive information. Narendra Bhati discovered that a website may be able to bypass the Same Origin Policy. Narendra Bhati, Valentino Dalla Valle, Pedro Bernardo, Marco Squarcina, and Lorenzo Veronese discovered that processing web content may lead to arbitrary code execution. Various other issues were also addressed.

Debian Linux Security Advisory 5468-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. YeongHyeon Choi discovered that processing web content may disclose sensitive information. Narendra Bhati discovered that a website may be able to bypass the Same Origin Policy. Narendra Bhati, Valentino Dalla Valle, Pedro Bernardo, Marco Squarcina, and Lorenzo Veronese discovered that processing web content may lead to arbitrary code execution. Various other issues were also addressed.

Debian Linux Security Advisory 5468-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. YeongHyeon Choi discovered that processing web content may disclose sensitive information. Narendra Bhati discovered that a website may be able to bypass the Same Origin Policy. Narendra Bhati, Valentino Dalla Valle, Pedro Bernardo, Marco Squarcina, and Lorenzo Veronese discovered that processing web content may lead to arbitrary code execution. Various other issues were also addressed.

Debian Linux Security Advisory 5468-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. YeongHyeon Choi discovered that processing web content may disclose sensitive information. Narendra Bhati discovered that a website may be able to bypass the Same Origin Policy. Narendra Bhati, Valentino Dalla Valle, Pedro Bernardo, Marco Squarcina, and Lorenzo Veronese discovered that processing web content may lead to arbitrary code execution. Various other issues were also addressed.

Ubuntu Security Notice 6264-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice 6264-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice 6264-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.

The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.

This issue was addressed with improved state management. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.

This issue was addressed with improved state management. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.

The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.

The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.

This issue was addressed with improved state management. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.

This issue was addressed with improved state management. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.

The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.

The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.

The issue was addressed with improved checks. This issue is fixed in watchOS 9.6, iOS 16.6 and iPadOS 16.6, Safari 16.5.2, macOS Ventura 13.5, tvOS 16.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

This issue was addressed with improved state management. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.

This issue was addressed with improved state management. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.

Apple Security Advisory 2023-07-24-8 - watchOS 9.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-8 - watchOS 9.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-8 - watchOS 9.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-8 - watchOS 9.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-8 - watchOS 9.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-8 - watchOS 9.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-7 - tvOS 16.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-7 - tvOS 16.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-7 - tvOS 16.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-7 - tvOS 16.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-7 - tvOS 16.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-7 - tvOS 16.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-1 - Safari 16.6 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 2023-07-24-1 - Safari 16.6 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 2023-07-24-1 - Safari 16.6 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 2023-07-24-1 - Safari 16.6 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 2023-07-24-1 - Safari 16.6 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 2023-07-24-1 - Safari 16.6 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 2023-07-24-1 - Safari 16.6 addresses bypass and code execution vulnerabilities.

Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: WebKit Tags: CVE-2023-38606 Tags: CVE-2023-32409 Tags: CVE-2023-37450 Tags: CVE-2023-32416 Apple has released security updates for several products to address several serious vulnerabilities including some actively exploited zero-days. (Read more...) The post Update now! Apple fixes several serious vulnerabilities appeared first on Malwarebytes Labs.

Debian Linux Security Advisory 5457-1 - An anonymous researcher discovered that processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Last week, the Biden administration released its formal roadmap for its national cybersecurity initiative meant to encourage greater investment in cybersecurity and strengthen the U.S.’s critical infrastructure security (and more).

Red Hat Security Advisory 2023-4201-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-4202-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32435: A vulnerability was found in webkitgtk. This issue occurs when processing web content, which may lead to arbitrary code execution. * CVE-2023-32439: A vulnerability was found in webkitgtk. This issue occurs when processing maliciously crafted web content, which may lead to arbitrary code execution.

By Waqas The software vulnerability, identified as CVE-2023-37450, has raised concerns due to its potential for arbitrary code execution. This is a post from HackRead.com Read the original post: Apple Issues Device Updates to Patch Critical Vulnerability

Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild. The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors to achieve arbitrary code execution when processing specially crafted web content. The iPhone maker said it addressed the issue with improved checks

Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: Safari Tags: WebKit Tags: macOS Tags: iOS Tags: iPadOs Tags: CVE-2023-37450 Tags: drive-by Tags: code execution Apple has issued an update for a zero-day vulnerability in the WebKit browser engine which may be actively exploited. (Read more...) The post Apple issues Rapid Security Response for zero-day vulnerability appeared first on Malwarebytes Labs.

Plus: Microsoft fixes 78 vulnerabilities, VMWare plugs a flaw already used in attacks, and more critical updates from June.

The U.S. Cybersecurity and Infrastructure Security Agency has added a batch of six flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This comprises three vulnerabilities that Apple patched this week (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439), two flaws in VMware (CVE-2023-20867 and CVE-2023-20887), and one shortcoming impacting Zyxel

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences

This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 9.5. An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features

A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, Safari 16.5.1, macOS Ventura 13.4.1, iOS 15.7.7 and iPadOS 15.7.7. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 9.5. An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to execute arbitrary code with kernel privileges

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to execute arbitrary code with kernel privileges

A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination

The zero-day security bugs are being used to deploy the sophisticated but "odd" TriangleDB spying implant on targeted iOS devices.

Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation that has been active since 2019. The exact threat actor behind the campaign is not known.

Categories: Apple Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: kernel webkit Tags: CVE-2023-32434 Tags: CVE-2023-32435 Tags: CVE-2023-32439 Tags: type confusion Tags: integer overflow Tags: operation triangulation Apple has released security updates for several products to address a set of flaws it said were being actively exploited. (Read more...) The post Update now! Apple fixes three actively exploited vulnerabilities appeared first on Malwarebytes Labs.

Debian Linux Security Advisory 5427-1 - An anonymous researcher discovered that processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited. An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Debian Linux Security Advisory 5427-1 - An anonymous researcher discovered that processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited. An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Red Hat Security Advisory 2023-3433-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include out of bounds read and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3433-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include out of bounds read and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3432-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include out of bounds read and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3432-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include out of bounds read and use-after-free vulnerabilities.

Steam, the most popular video game storefront on PCs, only recently announced that it was ending support for Windows 7 and 8, and even then, it won’t be official until January.

Steam, the most popular video game storefront on PCs, only recently announced that it was ending support for Windows 7 and 8, and even then, it won’t be official until January.

Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: RSR Tags: CVE-2023-32409 Tags: CVE-2023-28204 Tags: CVE-2023-32373 Tags: out of bounds Tags: use after free Apple issued information about patches against three actively exploited zero-days in WebKit. One vulnerability is new, two were patched earlier this month. (Read more...) The post Update now! Apple issues patches for three actively used zero-days appeared first on Malwarebytes Labs.

Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: RSR Tags: CVE-2023-32409 Tags: CVE-2023-28204 Tags: CVE-2023-32373 Tags: out of bounds Tags: use after free Apple issued information about patches against three actively exploited zero-days in WebKit. One vulnerability is new, two were patched earlier this month. (Read more...) The post Update now! Apple issues patches for three actively used zero-days appeared first on Malwarebytes Labs.

Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. The three security shortcomings are listed below - CVE-2023-32409 - A WebKit flaw that could be exploited by a malicious actor to break out of the Web Content sandbox. It was addressed with

Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. The three security shortcomings are listed below - CVE-2023-32409 - A WebKit flaw that could be exploited by a malicious actor to break out of the Web Content sandbox. It was addressed with