Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

CVE-2021-41413: GitHub - brackeen/ok-file-formats: Decoders for PNG, JPEG, WAV, and a few other file formats

ok-file-formats master 2021-9-12 is affected by a buffer overflow in ok_jpg_convert_data_unit_grayscale and ok_jpg_convert_YCbCr_to_RGB.

CVE
Open in Source
#apple#git#buffer_overflow
Hackers Using Web3 Backdoor Wallets to Steal Seed Phrases from iOS/Android Users

By Deeba Ahmed A Chinese-speaking, technically skilled threat actor distributes backdoored applications to extract cash from victims in the newly discovered… This is a post from HackRead.com Read the original post: Hackers Using Web3 Backdoor Wallets to Steal Seed Phrases from iOS/Android Users

Don’t panic! “Unpatchable” Mac vulnerability discovered

Researchers at MIT have published details about an attack that uses a flaw in the M1 security feature pointer authentication codes. The post Don’t panic! “Unpatchable” Mac vulnerability discovered appeared first on Malwarebytes Labs.

CVE-2021-40604: 4.6.2

A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. In some cases an exploitation is possible by an unauthenticated user.

Cybercriminals use reverse tunneling and URL shorteners to launch ‘virtually undetectable’ phishing campaigns

New hacking technique allows threat actors to evade some of the most effective phishing countermeasures

CVE-2022-1969: mobile-browser-color-select.php in mobile-browser-color-select/trunk – WordPress Plugin Repository

The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the admin_update_data() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Bluetooth Signals Can Be Abused To Detect and Track Smartphones

By Deeba Ahmed Even unpaired smartphones are vulnerable to tracking. According to a study  by the University of California San Diego’s engineers,… This is a post from HackRead.com Read the original post: Bluetooth Signals Can Be Abused To Detect and Track Smartphones

How China Hacked US Phone Networks

Plus: Russia rattles its cyber sword, a huge Facebook phishing operation is uncovered, feds take down the SSNDOB marketplace, and more.

MIT Researchers Discover New Flaw in Apple M1 CPUs That Can't Be Patched

A novel hardware attack dubbed PACMAN has been demonstrated against Apple's M1 processor chipsets, potentially arming a malicious actor with the capability to gain arbitrary code execution on macOS systems. It leverages "speculative execution attacks to bypass an important memory protection mechanism, ARM Pointer Authentication, a security feature that is used to enforce pointer integrity," MIT