Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities

Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. The three security shortcomings are listed below - CVE-2023-32409 - A WebKit flaw that could be exploited by a malicious actor to break out of the Web Content sandbox. It was addressed with

The Hacker News
Open in Source
#vulnerability#web#ios#mac#apple#google#rce#zero_day#webkit#sap#The Hacker News
WordPress Elementor Lite 5.7.1 Arbitrary Password Reset

On May 11 2023, Essential Addons for Elementor, a WordPress plugin with over one million active installations, released a patch for a critical vulnerability that made it possible for any unauthenticated user to reset arbitrary user passwords, including user accounts with administrative-level access. Versions 5.7.1 and below are affected.

Apple Thwarts $2 Billion in App Store Fraud, Rejects 1.7 Million App Submissions

Apple has announced that it prevented over $2 billion in potentially fraudulent transactions and rejected roughly 1.7 million app submissions for privacy and security violations in 2022. The computing giant said it terminated 428,000 developer accounts for potential fraudulent activity, blocked 105,000 fake developer account creations, and deactivated 282 million bogus customer accounts. It

CVE-2023-27217: ‘FriendlyName’ Buffer Overflow Vulnerability in Wemo Smart Plug V2 | Sternum

A stack-based buffer overflow in the ChangeFriendlyName() function of Belkin Smart Outlet V2 F7c063 firmware_2.00.11420.OWRT.PVT_SNSV2 allows attackers to cause a Denial of Service (DoS) via a crafted UPNP request.

Rebinding Attacks Persist With Spotty Browser Defenses

DNS rebinding attacks are not often seen in the wild, which is one reason why browser makers have taken a slower approach to adopting the web security standard.

Apple Boots a Half-Million Developers From Official App Store

The mobile phone and MacBook giant also rejected nearly 1.7 million app submissions last year in an effort to root out malware and fraud.

CVE-2023-31903: OffSec’s Exploit Database Archive

GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file.

CVE-2023-31904: OffSec’s Exploit Database Archive

savysoda Wifi HD Wireless Disk Drive 11 is vulnerable to Local File Inclusion.

ChatGPT Scams Are Infiltrating Apple's App Store and Google Play

An explosion of interest in OpenAI’s sophisticated chatbot means a proliferation of “fleeceware” apps that trick users with sneaky in-app subscriptions.

Announcing The BlueHat Podcast: Listen and Subscribe Now!

Available today on all major podcast platforms is The BlueHat Podcast, a new series of security research focused conversations, continuing the themes from the BlueHat 2023 conference (session recordings available to watch here). Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers: to debate, discuss, share, challenge, celebrate and learn.