#android

Kiddoware Kids Place Parental Control Android App versions 3.8.49 and below suffer from weak hashing, cross site request forgery, cross site scripting, and arbitrary file upload vulnerabilities.

Ubuntu Security Notice 6080-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.

The Meta-owned app offers end-to-end encryption of texts, images, and more by default—but its settings aren't as private as they could be.

The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004

In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only).

Categories: News Tags: Windows 11 Tags: OS Tags: operating system Tags: programming language Tags: rust Tags: C Tags: C++ Tags: kernel Tags: buffer overflow We take a look at the slow introduction of programming language Rust into the Windows 11 kernel in an effort to make it more memory safe. (Read more...) The post Windows 11 is showing its first signs of Rust appeared first on Malwarebytes Labs.

FLEX versions prior to 1085 Web 1.6.0 suffer from a denial of service vulnerability.

Categories: News Tags: YouTube Tags: ad block Tags: sponsored tweets Tags: Twitter Tags: fake BBC News Tags: AVLab assessment Tags: Google Tags: Google Passkey Tags: MSP Tags: Patch Tuesday Tags: Discord Tags: RedStinger Tags: tech support scam Tags: Aurora stealer Tags: Invalid Printer loader Tags: MSI Tags: ransomware Tags: Brightline Tags: ransomware review Tags: Allan Liska Tags: Lock and Code S04E11 The most interesting security related news of the week from May 8 till 14. (Read more...) The post A week in security (May 8-14) appeared first on Malwarebytes Labs.

The two-factor authentication tool got some serious upgrades that can help you bolster security for your online accounts.