Security
Headlines
HeadlinesLatestCVEs

Tag

#android

CVE-2022-28104: Security Bulletins | Foxit Software

Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file upload vulnerability.

CVE
Open in Source
#sql#xss#vulnerability#web#ios#android#mac#windows#google#microsoft#linux#cisco#dos#js#git#java#intel#rce#perl#pdf#buffer_overflow#auth#ibm#zero_day#firefox#wifi#ssl
CVE-2022-30551: GitHub - OPCFoundation/UA-Java-Legacy: This repository is provided by OPC Foundation as legacy support for an Java version for OPC UA.

OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources.

Cytrox's Predator Spyware Target Android Users with Zero-Day Exploits

Google's Threat Analysis Group (TAG) on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day (aka 0-day) flaws, four in Chrome and one in Android, to target Android users. "The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched

Spyware Vendors Target Android With Zero-Day Exploits

New research from Google's Threat Analysis Group outlines the risks Android users face from the surveillance-for-hire industry.

6 Scary Tactics Used in Mobile App Attacks

Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.

CVE-2022-22784: Security Bulletin

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving users client perform a variety of actions.This issue could be used in a more sophisticated attack to forge XMPP messages from the server.

CVE-2022-30976: gpac/gpac.1 at 105d67985ff3c3f4b98a98f312e3d84ae77a4463 · gpac/gpac

GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.

New Sysrv-k Botnet Infecting Windows and Linux Systems with Cryptominer

By Deeba Ahmed Microsoft has discovered a new Sysrv botnet variant deploying cryptocurrency miners on Windows and Linux systems. The Microsoft… This is a post from HackRead.com Read the original post: New Sysrv-k Botnet Infecting Windows and Linux Systems with Cryptominer

Your iPhone Is Vulnerable to a Malware Attack Even When It’s Off

Researchers found a way to exploit the tech that enables Apple’s Find My feature, which could allow attackers to track location when a device is powered down.