#android

Plus: Mozilla patches 10 Firefox bugs, Cisco fixes a vulnerability with a rare maximum severity score, and SAP releases updates to stamp out three highly critical flaws.

By Waqas The vulnerability was reported by Clément Lecigne of Google's Threat Analysis Group (TAG). This is a post from HackRead.com Read the original post: Mozilla Rushes to Fix Critical Vulnerability in Firefox and Thunderbird

Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability.

By Waqas Ensure Your Chrome Browser Is Up to Date and Secure: Enable Automatic Updates to Safeguard Against Cybersecurity Threats This is a post from HackRead.com Read the original post: Critical Chrome Update Counters Spyware Vendor’s Exploits

### Impact This vulnerability affects deployments of Imageflow that involve decoding or processing malicious source .webp files. If you only process your own trusted files, this should not affect you (but you should update anyway). Imageflow relies on Google's [libwebp] library to decode .webp images, and is affected by the recent zero-day out-of-bounds write vulnerability [CVE-2023-4863](https://nvd.nist.gov/vuln/detail/CVE-2023-4863) and https://github.com/advisories/GHSA-j7hp-h8jx-5ppr. The libwebp vulnerability also affects Chrome, Android, macOS, and other consumers of the library). libwebp patched [the vulnerability](https://github.com/webmproject/libwebp/commit/2af26267cdfcb63a88e5c74a85927a12d6ca1d76 ) and released [1.3.2](https://github.com/webmproject/libwebp/releases/tag/v1.3.2) This was patched in [libwebp-sys in 0.9.3 and 0.9.4](https://github.com/NoXF/libwebp-sys/commits/master) **[Imageflow v2.0.0-preview8](https://github.com/imazen/imageflow/releases/tag/v2.0.0-p...

By Deeba Ahmed If you’ve installed Bitwarden Password Manager recently, ensure that you downloaded it from its official website and not… This is a post from HackRead.com Read the original post: Fake Bitwarden Password Manager Website Drops Windows ZenRAT

The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers, contacts info, etc.

Categories: Android Categories: Apple Categories: Exploits and vulnerabilities Tags: Pegasus Tags: spyware Tags: nso Tags: webp Tags: libwebp Tags: buffer overflow The company behind the infamous Pegasus spyware used a vulnerability in almost every browser to plant their malware on victim's devices. (Read more...) The post Pegasus spyware and how it exploited a WebP vulnerability appeared first on Malwarebytes Labs.

Categories: Personal Tags: android Tags: xenomorph Tags: malware Tags: phone Tags: google play Tags: cryptocurrency We take a look at a new Android scam involving Xenomorph malware and a hunt for cryptocurrency credentials. (Read more...) The post Xenomorph hunts cryptocurrency logins on Android appeared first on Malwarebytes Labs.

Categories: Business We released version 1.2 of the Malwarebytes Admin app for IOS and Android last week, featuring new Detections features that adds visibility into threats. (Read more...) The post Malwarebytes Admin update: New Detection screens to manage threats! appeared first on Malwarebytes Labs.