Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

A week in security (December 12 - 18)

Categories: News Tags: week in security Tags: AWIS Tags: weekly blog recap Tags: Indiana Tags: TikTok Tags: MSP Tags: electronic sales suppression tools Tags: iPhone Tags: Play ransomware Tags: ransomware Tags: Nebula Tags: Quarantine for Cloud Storage Scanning Tags: SOC Tags: ROI Tags: Uber Tags: Apple Tags: virtual kidnapping Tags: DDoS booter service Tags: law enforcement takedown Tags: InfraGuard Tags: InfraGuard breach The most interesting security related news from the week of December 12 to 18. (Read more...) The post A week in security (December 12 - 18) appeared first on Malwarebytes Labs.

Malwarebytes
Open in Source
#ios#android#mac#windows#apple#ddos
CVE-2022-46135: AeroCMS v0.0.1 Arbitrary File upload vulnerability · Issue #5 · MegaTKC/AeroCMS

In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server.

Update now! Apple patches active exploit vulnerability for iPhones

Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: iOS 16.1.2 Tags: Safari 16.2 Tags: CVE-2022-42856 Tags: type confusion Apple has released new security content for iOS 16.1.2 and Safari 16.2. to fix a zero-day security vulnerability that was actively exploited (Read more...) The post Update now! Apple patches active exploit vulnerability for iPhones appeared first on Malwarebytes Labs.

CVE-2022-46634: IOT_vuln/TOTOLink/A7100RU/7 at main · EPhaha/IOT_vuln

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function.

CVE-2022-46631: IOT_vuln/TOTOLink/A7100RU/6 at main · EPhaha/IOT_vuln

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function.

CVE-2022-46702: About the security content of iOS 16.2 and iPadOS 16.2

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to disclose kernel memory.

CVE-2022-46700: About the security content of iOS 15.7.2 and iPadOS 15.7.2

A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-46701: About the security content of macOS Ventura 13.1

The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.

Meta Ponies Up $300K Bounty for Zero-Click Mobile RCE Bugs in Facebook

Facebook's parent company has also expanded bug-bounty payouts to include Oculus and other "metaverse" gadgets for AR/VR.