#mac

**What is the nature of this vulnerability?** An information disclosure vulnerabilty exists in Azure Arc Jumpstart that could allow an authenticated user to view certain credentials and other senstive information contained in a log file. **What are the circumstances leading to a successful exploitation?** The client virtual machine is protected behind a secured Azure virtual network (VNET) without access from the internet. A potential attacker would first have to compromise the VNET to have network access to the Azure client virtual machine (Azure Arc Jumpstart-Client). There is only one provisioned user on the client virtual machine, and this user’s credentials are protected by a username and password provided by the end-user at deployment time. There are no other “low level” users that have login access to the virtual machine. The only user credential with access to the VM is the one created and supplied by the original Azure Arc Jumpstart end-user. A potential attacker would firs...

Apple on Wednesday rolled out software fixes for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms. This includes at least 37 flaws spanning different components in iOS and macOS that range from privilege escalation to arbitrary code execution and from information disclosure to denial-of-service (DoS). Chief among them is

Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Injection vulnerability in PowerStore T environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker.

A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.

A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.

Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated.

By Deeba Ahmed In May 2020, researchers were able to demonstrate how attackers can steal data from air-gapped PC by turning… This is a post from HackRead.com Read the original post: Hackers Can Now Steal Data from Air-Gapped PCs via SATA Cables

The home automation solution suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'name' GET parameter in 'delsnap.pl' Perl/CGI script which is used for deleting snapshots taken from the webcam.

The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plaintext.

300 restaurants and at least 50,000 payment cards compromised by two separate campaigns against MenuDrive, Harbortouch and InTouchPOS services.