#ios

<p><em>The Red Hat Shares newsletter helps IT leaders navigate the complicated world of IT―the open source way.</em></p> <div class="rc-cta-primary"><a href="https://www.redhat.com/en/email-preferences?newsletter=RH-shares&amp;intcmp=7013a0000034h0bAAA">Subscribe to Red Hat Shares</a></div> <hr /> <div class="rc-title-emphasis">FROM THE EDITOR</div> <h3>De

By Owais Sultan Today’s mobile-first world calls for functional solutions that meet the expectations of smartphone users. Creating a user-friendly mobile… This is a post from HackRead.com Read the original post: Top Benefits of Using Flutter for Cross-Platform App Development

The Cookie session ID 'id' is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication and manipulate the transmitter.

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

The application suffers from improper access control when editing users. A user with Read permissions can manipulate users, passwords and permissions by sending a single HTTP POST request with modified parameters and edit other users' names, passwords and permissions including admin password.

The application suffers from a privilege escalation vulnerability. A user with Read permissions can elevate his/her privileges by sending a HTTP POST request setting the parameter 'auth1' or 'auth2' or 'auth3' to integer value '1' for Write or '2' for Admin permissions.

A technique, dubbed the "Near-Ultrasound Inaudible Trojan" (NUIT), allows an attacker to exploit smartphones and smart speakers over the Internet, using sounds undetectable by humans.

ReQlogic version 11.3 suffers from a cross site scripting vulnerability.

Apple on Monday backported fixes for an actively exploited security flaw to older iPhone and iPad models. The issue, tracked as CVE-2023-23529, concerns a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution. It was originally addressed by the tech giant with improved checks as part of updates released on February 13, 2023. An anonymous researcher has been

Categories: News Tags: NCA Tags: national crime agency Tags: DDoS Tags: distributed denial of service Tags: booter Tags: underground The British National Crime Agency has been setting up fake DDoS services to teach people a lesson in what not to do online. (Read more...) The post Fake DDoS services set up to trap cybercriminals appeared first on Malwarebytes Labs.