#mac

Apple has issued emergency updates that include patches for older iOS devices concerning two actively used zero-days that were patched for iOS 17 last week

The company’s regular set of advisories has included a vulnerability that’s been actively exploited in the wild in 10 months this year.

Azure Connected Machine Agent Elevation of Privilege Vulnerability

Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability

Microsoft Outlook for Mac Spoofing Vulnerability

In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp.

2023 has seen its fair share of cyber attacks, however there’s one attack vector that proves to be more prominent than others - non-human access. With 11 high-profile attacks in 13 months and an ever-growing ungoverned attack surface, non-human identities are the new perimeter, and 2023 is only the beginning.  Why non-human access is a cybercriminal’s paradise  People always

Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver.

**According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?** A non-admin local user who has sufficient permissions to create symbolic links on a Windows computer that has Azure Connected Machine Agent installed (or before the agent is installed) could create links from a directory used by the agent to other privileged files on the computer. If the administrator later installs virtual machine extensions on the machine, those files could be deleted.

**What is the nature of the spoofing?** An attacker could appear as a trusted user when they should not be. This could cause a user to mistakenly trust a signed email message as if it came from a legitimate user.