#apple

Enterprise communications software maker 3CX on Thursday confirmed that multiple versions of its desktop app for Windows and macOS are affected by a supply chain attack. The version numbers include 18.12.407 and 18.12.416 for Windows and 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 for macOS. The company said it's engaging the services of Google-owned Mandiant to review the incident. In the

Plus: Microsoft Outlook and Android patch serious flaws, Chrome and Firefox get fixes, and much more.

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

A vulnerability was found in jeecg-boot 3.5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file SysDictMapper.java of the component Sleep Command Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224629 was assigned to this vulnerability.

Network protocols can be used to identify operating systems and discern other device information.

Covenant version 0.5 suffers from a remote code execution vulnerability.

Categories: Apple Categories: Exploits and vulnerabilities Categories: News Tags: macOS Tags: iOS Tags: iPadOS Tags: watchOS Tags: tvOS Tags: Studio Display Tags: CVE-2023-23529 Tags: type confusion Tags: emoji Apple has released security updates and new features for several of its products, including a fix for an actively exploited vulnerability. (Read more...) The post Update now! Apple fixes actively exploited vulnerability and introduces new features appeared first on Malwarebytes Labs.

Categories: News Tags: ultrasound Tags: NUIT Tags: speakers Tags: microphone Tags: device Tags: IoT Tags: assistant Tags: alexa Tags: siri Tags: google Tags: silent We take a look at research for an IoT attack called NUIT, capable of hijacking voice assistants via ultrasonic attack. (Read more...) The post Smart home assistants at risk from "NUIT" ultrasound attack appeared first on Malwarebytes Labs.

Elon Musk, Steve Wozniak, and Andrew Yang are among more than 1,000 tech leaders asking for time to establish human safety parameters around AI.

Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.