#mac

Emergent macOS vulnerability lets adversaries circumvent Apple's System Integrity Protection (SIP) by loading third-party kernels.

# Microsoft Security Advisory CVE-2025-21176 | .NET and Visual Studio Remote Code Execution Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An attacker could exploit this vulnerability by loading a specially crafted file in Visual Studio. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/runtime/issues/111425 ## <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 8.0 application running on .NET 8.0.11 or earlier. * Any .NET 9.0 application running on .NET 9.0.0 or earlier. ## <a name="affected-packages"></a>Affected Packages The vulnerability affects...

# Microsoft Security Advisory CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An attacker could exploit this vulnerability by loading a specially crafted file in Visual Studio. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/runtime/issues/111424. ## <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 8.0 application running on .NET 8.0.11 or earlier. * Any .NET 9.0 application running on .NET 9.0.0 or earlier. ## <a name="affected-packages"></a>Affected Packages The vulnerability affect...

# Microsoft Security Advisory CVE-2025-21171 | .NET Remote Code Execution Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An attacker could exploit this vulnerability by sending a specially crafted request to the vulnerable web server. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/runtime/issues/111423 ## <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 9.0 application running on .NET 9.0.0 or earlier. ## <a name="affected-packages"></a>Affected Packages The vulnerability affects any Microsoft .NET project if it uses any of affected packages versions list...

Cybersecurity is facing new challenges with advances in AI, cloud tech, and increasing cyber threats. Solutions like blockchain…

Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to bypass the operating system's System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. The vulnerability in question is CVE-2024-44243 (CVSS score: 5.5), a medium-severity bug

## Summary Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This vulnerability arises due to the lack of case normalization in the file path validation logic. On case-insensitive file systems, such as those used by Windows and macOS, this flaw enables attackers to circumvent security restrictions and access sensitive files that should be protected. This issue can lead to unauthorized data access, exposing sensitive information and undermining the integrity of Gradio's security model. Given Gradio's popularity for building web applications, particularly in machine learning and AI, this vulnerability may pose a substantial threat if exploited in production environments. ## Affected Version Gradio <= 5.6.0 ## Impact - **Unauthorized Access**: Sensitive files or directories specified in `blocked_paths` can be accessed by attackers. - **Data Exposure**: Critical files, such as configuration files or use...

### Impact NOTE: The [Realtime WYSIWYG Editor](https://extensions.xwiki.org/xwiki/bin/view/Extension/Realtime%20WYSIWYG%20Editor/) extension was **experimental**, and thus **not recommended**, in the versions affected by this vulnerability. It has become enabled by default, and thus recommended, starting with XWiki 16.9.0. A user with only **edit right** can join a realtime editing session where others, that where already there or that may join later, have **script** or **programming** access rights. This user can then insert **script rendering macros** that are executed for those users in the realtime session that have script or programming rights. The inserted scripts can be used to gain more access rights. Here's an example that works with XWiki 15.10.9+ and 16.2.0+: * the attacker starts editing a wiki page in realtime (for which they have edit right) * another user, with script or programming access right joins the editing session (e.g. by clicking on a link / URL provided by ...

The Halcyon RISE Team has identified a new Codefinger ransomware campaign targeting Amazon S3 buckets. This attack leverages…

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: Vijeo Designer Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a non-admin authenticated user to perform privilege escalation by tampering with the binaries. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Schneider Electric Vijeo Designer: All versions prior to 6.3 SP1 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER PRIVILEGE MANAGEMENT CWE-269 Improper Privilege Management vulnerabilities exist that could cause unauthorized access, loss of confidentiality, integrity, and availability of the workstation if non-admin authenticated users try to perform privilege escalation by tampering with the binaries. CVE-2024-8306 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is (CVSS:3.1/AV...