Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

Faux ChatGPT, Claude API Packages Deliver JarkaStealer

Attackers are betting that the hype around generative AI (GenAI) is attracting less technical, less cautious developers who might be more inclined to download an open source Python code package for free access, without vetting it or thinking twice.

DARKReading
#web#windows#apple#linux#git#java#intel#auth
Apple Web Content Filter Bypass

Nosebeard Labs has identified a critical vulnerability in the Apple system wide web content filter that allows a full bypass of content restrictions. This vulnerability, which occurs specifically when Screen Time content filtering settings are enabled, permits users or attackers to access restricted websites in Safari without detection. The timeline in this advisory is probably the most interesting thing to note. It shows a Fortune 10 ignoring a concern for years until a news article gets written, and that is truly disappointing. Do better Tim.

Apple Security Advisory 11-19-2024-5

Apple Security Advisory 11-19-2024-5 - macOS Sequoia 15.1.1 addresses code execution vulnerabilities.

Apple Security Advisory 11-19-2024-4

Apple Security Advisory 11-19-2024-4 - iOS 17.7.2 and iPadOS 17.7.2 addresses code execution vulnerabilities.

Apple Security Advisory 11-19-2024-3

Apple Security Advisory 11-19-2024-3 - iOS 18.1.1 and iPadOS 18.1.1 addresses code execution vulnerabilities.

Chinese APT Gelsemium Deploys 'Wolfsbane' Linux Variant

In a sign of the times, a backdoor malware whose ancestors date back to 2005 has morphed to target Linux systems.

DOJ Proposes Breaking Up Google: Calls for Sale of Chrome Browser

The DOJ proposes tough proposals in its antitrust lawsuit against Google, including selling the Chrome browser, limiting search…

China's 'Liminal Panda' APT Attacks Telcos, Steals Phone Data

In US Senate testimony, a CrowdStrike exec explained how this advanced persistent threat penetrated telcos in Asia and Africa, gathering SMS messages, unique identifiers, and other metadata along the way.

Apple Urgently Patches Actively Exploited Zero-Days

Though the information regarding the exploits is limited, the company did report that Intel-based Mac systems have been targeted by cybercriminals looking to exploit CVE-2024-44308 and CVE-2024-44309.

Update now! Apple confirms vulnerabilities are already being exploited

Apple has released security updates that look especially important for Intel-based Macs because they are already being exploited in the wild.