Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

Ducktail Malware Operation Evolves with New Malicious Capabilities

The operators of the Ducktail information stealer have demonstrated a "relentless willingness to persist" and continued to update their malware as part of an ongoing financially driven campaign. "The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim's Facebook account," WithSecure researcher Mohammad Kazem

The Hacker News
Open in Source
#apple#git#php#auth#sap#The Hacker News
CVE-2022-43751: Antivirus, VPN, Identity & Privacy Protection | McAfee

McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. This may have allowed the unprivileged user to execute arbitrary code with system privileges.

CVE-2022-45535: AeroCMS-v0.0.1-SQLi update_categories_sql_injection

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information.

CVE-2022-45331: CVE/post_sql_injection.md at master · rdyx0/CVE

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information.

CVE-2022-45536: CVE/post_comments_sql_injection.md at master · rdyx0/CVE

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. This vulnerability allows attackers to access database information.

GHSA-frqp-wp83-qggv: Heap overflow in `QuantizeAndDequantizeV2`

### Impact The function [MakeGrapplerFunctionItem](https://https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221) takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. ```python import tensorflow as tf @tf.function def test(): tf.raw_ops.QuantizeAndDequantizeV2(input=[2.5], input_min=[1.0], input_max=[10.0], signed_input=True, num_bits=1, range_given=True, round_mode='HALF_TO_EVEN', narrow_range=True, axis=0x7fffffff) test() ``` ### Patches We have patched the issue in GitHub commit [7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb](https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb). The fix will be included in TensorFlow 2.11.0. We will also cherr...

GHSA-cg88-rpvp-cjv5: Out of bounds write in grappler in Tensorflow

### Impact The function [MakeGrapplerFunctionItem](https://https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221) takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. ### Patches We have patched the issue in GitHub commit [a65411a1d69edfb16b25907ffb8f73556ce36bb7](https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7). The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.

A Leak Details Apple's Secret Dirt on Corellium, a Trusted Security Startup

A 500-page document reviewed by WIRED shows that Corellium engaged with several controversial companies, including spyware maker NSO Group.

A Destabilizing Hack-and-Leak Operation Hits Moldova

Plus: Google’s location snooping ends in a $391 million settlement, Russian code sneaks into US government apps, and the World Cup apps set off alarms.