Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

CVE-2023-32373: About the security content of Safari 16.5

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

CVE
Open in Source
#vulnerability#web#ios#mac#apple#google#buffer_overflow#webkit
CVE-2023-32385: About the security content of iOS 16.5 and iPadOS 16.5

A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination

CVE-2023-32434: About the security content of macOS Big Sur 11.7.8

An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Big Sur 11.7.8, macOS Monterey 12.6.7, macOS Ventura 13.4.1, watchOS 9.5.2. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.

CVE-2023-27964: About the security content of AirPods and Beats firmware updates

An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.

CVE-2023-32353: About the security content of iTunes 12.12.9 for Windows

A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges

LockBit Developing Ransomware for Apple M1 Chips, Embedded Systems

Under construction: The world's leading ransomware gang is workshopping ransomware for less obvious systems beyond Windows environments. Experts weigh in on how worried we should be.

Tanium Platform Advances Threat Identification Capabilities and Enhances Endpoint Reach

Award-winning XEM platform introduces advanced SBOM capabilities, expanded ARM support, and additional Risk & Compliance improvements.

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. "smishing") messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn't be shipped unless the customer paid an added delivery fee.

2 More Apple Zero-Days Exploited in Ongoing iOS Spy Campaign

The zero-day security bugs are being used to deploy the sophisticated but "odd" TriangleDB spying implant on targeted iOS devices.