#apple

Microsoft Patch Tuesday, February 2023 Edition

Microsoft is sending the world a whole bunch of love today, in the form of patches to plug dozens of security holes in its Windows operating systems and other software. This year's special Valentine's Day Patch Tuesday includes fixes for a whopping three different "zero-day" vulnerabilities that are already being used in active attacks.

1 year ago

Krebs on Security

Open in Source

#vulnerability #web #ios #windows #apple #microsoft #intel #rce #auth #zero_day #webkit #blog

Password manager security: Which is the right option for me?

The first guide of our two-part series helps consumers choose the best way to manage their login credentials

1 year ago

PortSwigger

Open in Source

#web #ios #android #mac #windows #apple #linux #git #auth #chrome #sap #wifi

CVE-2019-15126: MITRE: CVE-2019-15126 Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device

**How could an attacker exploit this vulnerability?** For an attacker to exploit this vulnerability, the following conditions must be met: * The attacker must be in physical proximity to the targeted victim. A remote attack is not possible because this vulnerability is at the Wi-Fi layer. * The victim must be using unprotected transports such as plain HTTP. If customers follow the security best practices outlined in the Executive Summary, this vulnerability would be difficult to exploit.

1 year ago

Microsoft Security Response Center

Open in Source

#vulnerability #web #apple #cisco #pdf #huawei #wifi #HoloLens #Security Vulnerability

CVE-2023-25758: Our Response to Recent Security Fix Reports - OneKey

Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device (i.e., here, "man-in-the-middle" does not refer to the attacker's position on an IP network). NOTE: the vendor states that "our hardware team has updated the security patch without anyone being affected."

1 year ago

CVE

Open in Source

#vulnerability #apple #google #auth

Patch Now: Apple's iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw

Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild. Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processing maliciously crafted web content, culminating in arbitrary code execution. The iPhone maker said the

1 year ago

The Hacker News

Open in Source

#vulnerability #web #ios #mac #apple #google #zero_day #webkit #The Hacker News

CVE-2023-24646: CVE-nu11secur1ty/vendors/oretnom23/2023/Food-Ordering-System-v2.0 at main · nu11secur1ty/CVE-nu11secur1ty

An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file.

1 year ago

CVE

Open in Source

#vulnerability #web #windows #apple #java #php #rce #chrome #webkit

CVE-2023-25241: CVE-nu11secur1ty/vendors/bgERP/2023/bgERP-v22.31-Cookie-Session-vulnerability+XSS-Reflected at main · nu11secur1ty/CVE-nu11secur1ty

bgERP v22.31 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.

1 year ago

CVE

Open in Source

#xss #vulnerability #web #windows #apple #ubuntu #apache #chrome #webkit

CVE-2023-24648: CVE-nu11secur1ty/vendors/zippy/zstore-6.6.0 at main · nu11secur1ty/CVE-nu11secur1ty

Zstore v6.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php.