#apple

Some 1,700 spoofed apps, 120 targeted publishers, 12 billion false ad requests per day—Vastflux is one of the biggest ad frauds ever discovered.

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain text fields within a PATCH /modify_onto request to the ontology builder. This may allow attackers to steal Protected Health Information.

TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload.

Categories: Podcast This week on Lock and Code, we speak with Lexie Cooper, the owner behind the TikTok account TrackerPacer, about the vitriol she faced online after talking about the gender gap in technology. (Read more...) The post Fighting technology's gender gap with TracketPacer: Lock and Code S04E02 appeared first on Malwarebytes Labs.

Cupertino puts privacy first in a lot of its products. But the company still gathers a bunch of your information.

Categories: News Tags: Erik McCauley Tags: SweetWizard Tags: law enforcement app Tags: ODIN Intelligence Tags: Wired SweepWizard, an app designed to assist law enforcement is causing a bit of trouble, was found inadvertently leaking sweeping data for years. (Read more...) The post Law enforcement app SweepWizard leaks data on crime suspects appeared first on Malwarebytes Labs.

Popular short-form video hosting service TikTok has been fined €5 million (about $5.4 million) by the French data protection watchdog for breaking cookie consent rules, making it the latest platform to face similar penalties after Amazon, Google, Meta, and Microsoft since 2020. "Users of 'tiktok[.]com' could not refuse cookies as easily as accepting them and they were not informed in a

Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a password.