#apple

Ubuntu Security Notice 6700-2 - It was discovered that the Layer 2 Tunneling Protocol implementation in the Linux kernel contained a race condition when releasing PPPoL2TP sockets in certain conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

This whitepaper shows that the security threat from DMPs is significantly worse than previously thought and demonstrates the first end-to-end attacks on security-critical software using the Apple m-series DMP. Undergirding the author's attacks is a new understanding of how DMPs behave which shows, among other things, that the Apple DMP will activate on behalf of any victim program and attempt to leak any cached data that resembles a pointer.

The U.S. Department of Justice (DoJ), along with 16 other state and district attorneys general, on Thursday accused Apple of illegally maintaining a monopoly over smartphones, thereby undermining, among others, security and privacy of users when messaging non-iPhone users. "Apple wraps itself in a cloak of privacy, security, and consumer preferences to justify its anticompetitive

Privacy and security are an Apple selling point. But the DOJ’s new antitrust lawsuit argues that Apple selectively embraces privacy and security features in ways that hurt competition—and users.

By Deeba Ahmed Pwn2Own is back! This is a post from HackRead.com Read the original post: Pwn2Own 2024 Awards $700k as Hackers Pwn Tesla, Browsers, and More

Ubuntu Security Notice 6701-2 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service.

By Uzair Amir Your web browser serves as the gateway to the internet, but it also acts as a potential entry point for cybercriminals to access your computer and smartphone. This is a post from HackRead.com Read the original post: Why Browser Security Matters More Than You Think

By Waqas Ukraine used Clearview AI, now it is up for grabs by US Defense agencies! This is a post from HackRead.com Read the original post: Controversial Clearview AI Added to US Government’s Tech Marketplace

By Waqas CISPA Researchers Unveil 'Loop DoS' Attack: A New Frontier in Denial-of-Service Tactics! This is a post from HackRead.com Read the original post: New Loop DoS Attack Threatens Hundreds of Thousands of Systems

Ubuntu Security Notice 6701-1 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service.