#mac

Debian Linux Security Advisory 5599-1 - Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the "Terrapin attack". This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts.

macOS suffers from an out-of-bounds write vulnerability in AppleVADriver when decoding mpeg2 videos.

On Intel macOS, HEVC video decoding is performed in the AppleGVA module. Using fuzzing, researchers identified multiple issues in this decoder. The issues range from out-of-bounds writes, out-of-bounds reads and, in one case, free() on an invalid address. All of the issues were reproduced on macOS Ventura 13.6 running on a 2018 Mac mini (Intel based).

By Waqas Firmware Vulnerability Found in Bosch Thermostat Model BCC100: Patch Now or Freeze. This is a post from HackRead.com Read the original post: Hackers can hijack your Bosch Thermostat and Install Malware

Ubuntu Security Notice 6560-2 - USN-6560-1 fixed several vulnerabilities in OpenSSH. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Fabian Bäumer, Marcus Brinkmann, Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue.

By Uzair Amir Is it possible to utilize an external SSD to enhance the speed of your Mac? The answer is a resounding yes. Employing an external SSD can work wonders on a slowed-down MacBook, providing a notable boost in performance. This is a post from HackRead.com Read the original post: Is it possible to use an external SSD to speed up your Mac?

Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors behind the malware are actively enhancing its capabilities. "It looks like Atomic Stealer was updated around mid to late December 2023, where its developers introduced payload encryption in an effort to bypass detection rules,"

By Waqas Volkswagen announced the surprising development at CES 2024 (Consumer Electronics Show) in Las Vegas. This is a post from HackRead.com Read the original post: Volkswagen Goes AI, Integrates ChatGPT into its Vehicles

Mac users should be aware of an active distribution campaign via malicious ads delivering Atomic Stealer. The latest iteration of the malware is stealthy thanks to added encryption and obfuscation of its code.

Microsoft's patch Tuesday roundup looks like a relatively quiet one. Unless your organization uses FBX files.