Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

CVE-2022-29751: bug_report/SQLi-5.md at main · k0xx11/bug_report

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client.

CVE
Open in Source
#sql#vulnerability#web#windows#apple#js#java#php#chrome#webkit
CVE-2022-29751: bug_report/SQLi-5.md at main · k0xx11/bug_report

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client.

Known macOS Vulnerabilities Led Researcher to Root Out New Flaws

Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.

EU Proposes New Rules for Tech Companies to Combat Online Child Sexual Abuse

The European Commission on Wednesday proposed new regulation that would require tech companies to scan for child sexual abuse material (CSAM) and grooming behavior, raising worries that it could undermine end-to-end encryption (E2EE). To that end, online service providers, including hosting services and communication apps, are expected to proactively scan their platforms for CSAM as well as

Box, Zoom, Google Docs offer phishing boost with ‘vanity URL’ flaws

Attack technique bypasses email filters and burnishes credibility of phishing links

Android and Chrome Users Can Soon Generate Virtual Credit Cards to Protect Real Ones

Google on Wednesday took to its annual developer conference to announce a host of privacy and security updates, including support for virtual credit cards on Android and Chrome. "When you use autofill to enter your payment details at checkout, virtual cards will add an additional layer of security by replacing your actual card number with a distinct, virtual number," Google's Jen Fitzpatrick

Hackers Deploy IceApple Exploitation Framework on Hacked MS Exchange Servers

Researchers have detailed a previously undocumented .NET-based post-exploitation framework called IceApple that has been deployed on Microsoft Exchange server instances to facilitate reconnaissance and data exfiltration. "Suspected to be the work of a state-nexus adversary, IceApple remains under active development, with 18 modules observed in use across a number of enterprise environments, as

Android 13 Tries to Make Privacy and Security a No-Brainer

With its latest mobile OS update, Google aims to simplify the adoption of Android’s protective features for users and developers alike.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.