Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

CVE-2023-32353: About the security content of iTunes 12.12.9 for Windows

A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges

CVE
Open in Source
#vulnerability#web#windows#apple
LockBit Developing Ransomware for Apple M1 Chips, Embedded Systems

Under construction: The world's leading ransomware gang is workshopping ransomware for less obvious systems beyond Windows environments. Experts weigh in on how worried we should be.

Tanium Platform Advances Threat Identification Capabilities and Enhances Endpoint Reach

Award-winning XEM platform introduces advanced SBOM capabilities, expanded ARM support, and additional Risk & Compliance improvements.

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. "smishing") messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn't be shipped unless the customer paid an added delivery fee.

2 More Apple Zero-Days Exploited in Ongoing iOS Spy Campaign

The zero-day security bugs are being used to deploy the sophisticated but "odd" TriangleDB spying implant on targeted iOS devices.

Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari

Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation that has been active since 2019. The exact threat actor behind the campaign is not known.

Update now! Apple fixes three actively exploited vulnerabilities

Categories: Apple Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: kernel webkit Tags: CVE-2023-32434 Tags: CVE-2023-32435 Tags: CVE-2023-32439 Tags: type confusion Tags: integer overflow Tags: operation triangulation Apple has released security updates for several products to address a set of flaws it said were being actively exploited. (Read more...) The post Update now! Apple fixes three actively exploited vulnerabilities appeared first on Malwarebytes Labs.

CVE-2023-24261: CVE-2023-24261: GL-E750 Blind Authenticated Command Injection

A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request.

WordPress WP Sticky Social 1.0.1 CSRF / Cross Site Scripting

WordPress WP Sticky Social plugin version 1.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.