Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

CVE-2023-44812: GitHub - ahrixia/CVE-2023-44812: mooSocial v3.1.8 is vulnerable to cross-site scripting on Admin redirect function.

Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function.

CVE
Open in Source
#xss#vulnerability#web#windows#apple#google#git#php#chrome#webkit
CVE-2023-44813: GitHub - ahrixia/CVE-2023-44813: mooSocial v3.1.8 is vulnerable to cross-site scripting on Invite Friend function.

Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function.

PEACHPIT: Massive Ad Fraud Botnet Powered by Millions of Hacked Android and iOS

An ad fraud botnet dubbed PEACHPIT leveraged an army of hundreds of thousands of Android and iOS devices to generate illicit profits for the threat actors behind the scheme. The botnet is part of a larger China-based operation codenamed BADBOX, which also entails selling off-brand mobile and connected TV (CTV) devices on popular online retailers and resale sites that are backdoored with an

AI sneak attacks, location spying, and definitely not malware, or, what one teenager fears online: Lock and Code S04E21

Categories: Podcast This week on the Lock and Code podcast, we speak with Bay Area teenager Nitya Sharma—for the second year in a row—about what she's most worried about online and what she does to stay safe. (Read more...) The post AI sneak attacks, location spying, and definitely not malware, or, what one teenager fears online: Lock and Code S04E21 appeared first on Malwarebytes Labs.

Apple's Encryption Is Under Attack by a Mysterious Group

Plus: Sony confirms a breach of its networks, US federal agents get caught illegally using phone location data, and more.

Apple Security Advisory 2023-10-04-1

Apple Security Advisory 2023-10-04-1 - iOS 17.0.3 and iPadOS 17.0.3 addresses buffer overflow and code execution vulnerabilities.

CVE-2023-26153: geokit-rails v2.3.2 Unsafe Deserialisation

Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie value. **Note:** An attacker can use this vulnerability to execute commands on the host system.

Update now! Apple patches vulnerabilities on iPhone and iPad

Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: iOS Tags: iPad Tags: 17.0.3 Tags: CVE-2023-42824 Tags: CVE-2023-5217 Apple has issued an emergency update to patch two vulnerabilities, including an actively exploited one. (Read more...) The post Update now! Apple patches vulnerabilities on iPhone and iPad appeared first on Malwarebytes Labs.