#ios

The bug is under active exploitation; Fortinet issued a customer advisory urging customers to apply its update immediately.

Some 400 mobile apps have posed as legitimate software on Google Play and the Apple App Store over the past year, and were designed to steal Facebook user credentials.

Meta Platforms on Friday disclosed that it had identified over 400 malicious apps on Android and iOS that it said targeted online users with the goal of stealing their Facebook login information. "These apps were listed on the Google Play Store and Apple's App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them," the

The company plans to alert 1 million Facebook users that their account credentials may have been compromised by malicious software.

Blockchain investigators have uncovered at least $4 million—and counting—in cryptocurrency fundraising has reached Russia's violent militia groups.

### Impact The general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of [the array holding the directories](https://github.com/tensorflow/tensorflow/blob/458c6260265c46ebaf18052d6c61aea4b6b40926/tensorflow/core/platform/file_system_helper.cc#L127): ```cc if (!fs->Match(child_path, dirs[dir_index])) { ... } ``` Since `dir_index` is [unconditionaly incremented](https://github.com/tensorflow/tensorflow/blob/458c6260265c46ebaf18052d6c61aea4b6b40926/tensorflow/core/platform/file_system_helper.cc#L106) outside of the lambda function where the vulnerable pattern occurs, this results in an access out of bounds issue under certain scenarios. For example, if `/tmp/x` is a directory that only contains a single file `y`, then the following scenario will cause a crash due to the out of bounds read: ```python >>> tf.io.gfile.glob('/tmp/x/') Segmentation fault ``` There are multiple invariants and preconditions that are assumed by the pa...

Red Hat leads the tech industry's cutting edge practices for the resolution of cybersecurity issues. Red Hat does this by providing relevant and accessible information and enabling the larger community to make well-informed decisions about security issues.

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  As I wrote about last week, I’ve been diving a lot into apps’ privacy policies recently. And I was recently made aware of a new type of app I never knew existed — family trackers.  There are countless mobile apps for parents to track their children or other family members based on their location, phone usage, and even driving speed. As an anxious soon-to-be-parent, this sounds intriguing to me — it’d be a supped-up version of Find my Friends on Apple devices so I’d never have to ask my teenager (granted, I’m many years away from being at that stage of my life) when they were coming home or where they were.  Just as with all other types of mobile apps, there are pitfalls, though.   Life360, one of the most popular of these types of apps and even tells users what their maximum driving speed was on a given trip, was found in December 2021 to be selling precise location data on its users, potentia...

Any time we welcome this software and hardware into our homes and on our devices, it’s worth considering what sacrifices we might be making elsewhere.

By Waqas TrollStore does not work on anything above iOS 15.5, and beta 4, not on iOS 15.5, not on version 15.6, and not on iOS 16). This is a post from HackRead.com Read the original post: New TrollStore Tool Permanently Installs Apps on Non-Jailbroken iOS Devices