Tag
#ios
Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the (2) groupID, (3) offset, or (4) limit parameter to an Administrative Panel (Group and Users) page. There is a risk of an attacker retrieving patient information.
Plus: WhatsApp plugs holes that could be used for remote execution attacks, Microsoft patches a zero-day vulnerability, and more.
By Waqas Hackers are actively using encrypted chat apps like Signal and Telegram to share stolen data belonging to the Iranian government, tutorials on how to hack, and use VPNs and Tor to bypass censorship. This is a post from HackRead.com Read the original post: Hackers turn to Signal, Telegram and Dark Web to assist Iranian protestors
The messenger protocol had gained popularity for its robust security, but vulnerabilities allowed attackers to decrypt messages and impersonate users.
Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-ios-sdk implementing a too permissive key forwarding strategy. The default policy for accepting key forwards has been made more strict in the matrix-ios-sdk version 0.23.19. matrix-ios-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). Thi...
By Waqas Before being removed, the Scylla ad fraud campaign used over 90 malicious apps to carry out its operation against Android and iOS users. This is a post from HackRead.com Read the original post: Scylla Ad Fraud Attack on iOS and Android Users Halted by Apple and Google
By Deeba Ahmed Famous publisher 2K Games’ helpdesk platform was hacked where the attackers attempted to distribute malware to gamers’ devices.… This is a post from HackRead.com Read the original post: 2K Games Help Desk Platform Hacked to Spread Info-stealing Malware
ZecOps extends Jamf's mobile security capabilities by adding advanced detections and incident response.
Categories: News Categories: Scams The Federal Communications Commission wants mobile carriers to block spam texts at the network level. (Read more...) The post FCC moves to block robotexts appeared first on Malwarebytes Labs.
The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”.