#google

Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16. The list of security vulnerabilities is as follows - CVE-2023-41991 - A certificate validation issue in the Security framework that could allow a

The issue was addressed with improved checks. This issue is fixed in Safari 16.6.1, macOS Ventura 13.6, OS 17.0.1 and iPadOS 17.0.1, iOS 16.7 and iPadOS 16.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, macOS Monterey 12.7, watchOS 10.0.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

By Deeba Ahmed New BBTok Banking Trojan Variant Emerges in Latin America: Check Point Research. This is a post from HackRead.com Read the original post: BBTok Malware Returns, Targeting Over 40 Banks in Brazil and Mexico

It reads as if ALPHV really wants to come across as the “good guys” in this case, but I’m not sure who outside of dark web circles would be willing to feel sorry for them.

By Waqas Meet new Proton CAPTCHA from Proton AG, a custom-built CAPTCHA system designed to thwart bots and spammers. Proton… This is a post from HackRead.com Read the original post: Proton CAPTCHA: New Privacy-First CAPTCHA Defense Against Bots

**Google is aware that an exploit for [CVE-2023-4863](https://www.cve.org/CVERecord?id=CVE-2023-4863) exists in the wild.** ### Description Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) ### References - https://www.cve.org/CVERecord?id=CVE-2023-4863 - https://nvd.nist.gov/vuln/detail/CVE-2023-4863 - https://www.techtarget.com/searchsecurity/news/366551978/Browser-companies-patch-critical-zero-day-vulnerability

Luxcal Event Calendar version 3.2.3 suffers from a cross site request forgery vulnerability.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: Rockwell Automation Equipment: Connected Components Workbench Vulnerabilities: Use After Free, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to exploit heap corruption via a crafted HTML. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation Connected Components Workbench Smart Security Manager are affected: Connected Components Workbench: versions prior to R21 3.2 Vulnerability Overview 3.2.1 USE AFTER FREE CWE-416 Connected Components Workbench utilizes CefSharp version 81.3.100 that contains a use after free vulnerability in Google Chrome versions before 86.0.4240.198. If exploited, a remote threat actor could potentially perform a sandbox escape via a crafted HTML page. CVE-2020-16017 has been assigned to this vulnerability....