Tag

#apple

CVE-2022-47853: ttt/16 at main · Am1ngl/ttt

TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to command injection in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload.

Fighting technology's gender gap with TracketPacer: Lock and Code S04E02

This week on Lock and Code, we speak with Lexie Cooper, the owner behind the TikTok account TracketPacer, about the vitriol she faced online after talking about the gender gap in technology. The post Fighting technology's gender gap with TracketPacer: Lock and Code S04E02 appeared first on Malwarebytes Labs.

All the Data Apple Collects About You—and How to Limit It

Cupertino puts privacy first in a lot of its products. But the company still gathers a bunch of your information.

Law enforcement app SweepWizard leaks data on crime suspects

SweepWizard, an app designed to assist law enforcement, is causing a bit of trouble: it was found inadvertently leaking sweeping data for years. The post Law enforcement app SweepWizard leaks data on crime suspects appeared first on Malwarebytes Labs.

TikTok Fined $5.4 Million by French Regulator for Violating Cookie Laws

Popular short-form video hosting service TikTok has been fined €5 million (about $5.4 million) by the French data protection watchdog for breaking cookie consent rules, making it the latest platform to face similar penalties after Amazon, Google, Meta, and Microsoft since 2020. "Users of 'tiktok[.]com' could not refuse cookies as easily as accepting them and they were not informed in a

CVE-2022-46093: z-vulnerabilitys/Hospital-Management-System.md at main · Frank-Z7/z-vulnerabilitys

Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a password.

libCoreEntitlements CEContextQuery Arbitrary Entitlement Returns

On newer macOS/iOS versions, entitlements in binary signature blobs are stored in the DER format. libCoreEntitlements.dylib is the userspace library for parsing and querying such entitlements. The kernel has its own version of this library inside the AppleMobileFileIntegrity module. libCoreEntitlements exposes several functions, for example to convert entitlements to a dictionary representation (e.g. CEQueryContextToCFDictionary) or to query a specific entitlement (CEContextQuery). Unfortunately, different functions traverse the DER structure in subtly different ways, which allows one API to see one set of entitlements and another API to see a different set of entitlements.

WebKit CSSCrossfadeValue::crossfadeChanged Use-After-Free

WebKit suffers from a RenderMathMLToken use-after-free vulnerability in CSSCrossfadeValue::crossfadeChanged.