Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

Update now! Apple releases new security patches for vulnerabilities in iPhones, Macs, and more

Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS.

Malwarebytes
Open in Source
#vulnerability#ios#android#mac#apple
Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS

Details have emerged about a now-patched security vulnerability in Apple's iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information. The flaw, tracked as CVE-2024-44131 (CVSS score: 5.3), resides in the FileProvider component, per Apple, and has been addressed with improved

Symmetrical Cryptography Pioneer Targets the Post-Quantum Era

Researchers at Cavero have created a correlating numbers mechanism, adding a layer of privacy that even threat actors can't gain enough information to breach.

Sprawling 'Operation Digital Eye' Attack Targets European IT Orgs

A Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS code, with an eye to carrying out a supply-chain-based espionage attack.

How Art Appreciation Supplements Cybersecurity Skills

Using different parts of our brains gives us different perspectives on the world around us and new approaches to the problems we face in security.

GHSA-r6wx-627v-gh2f: Directus has an HTML Injection in Comment

### Summary The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application vulnerable to HTML Injection. ### Details The Comment feature implements a character filter on the client-side, this can be bypassed by directly sending a request to the endpoint. Example Request: ``` PATCH /activity/comment/3 HTTP/2 Host: directus.local { "comment": "<h1>TEST <p style=\"color:red\">HTML INJECTION</p> <a href=\"//evil.com\">Test Link</a></h1>" } ``` Example Response: ```json { "data": { "id": 3, "action": "comment", "user": "288fdccc-399a-40a1-ac63-811bf62e6a18", "timestamp": "2023-09-06T02:23:40.740Z", "ip": "10.42.0.1", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36", "collection": "directus_files", "item": "7247dda1-c386-4e7a-...

Chinese Hackers Breach US Firm, Maintain Network Access for Months

SUMMARY A large U.S. company with operations in China fell victim to a large-scale cyberattack earlier this year,…

Bypass Bug Revives Critical N-Day in Mitel MiCollab

A single barrier prevented attackers from exploiting a critical vulnerability in an enterprise collaboration platform. Now there's a workaround.

CISA Issues Guidance to Telecom Sector on Salt Typhoon Threat

Individuals concerned about the privacy of their communications should consider using encrypted messaging apps and encrypted voice communications, CISA and FBI officials say.

Russian FSB Hackers Breach Pakistan's APT Storm-0156

Parasitic advanced persistent threat Secret Blizzard accesses another APT's infrastructure and steals what it has stolen from South Asian government and military targets.