Security
Headlines
HeadlinesLatestCVEs

Tag

#asus

Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones

Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below - CVE-2023-41061 - A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment. CVE-2023-41064

The Hacker News
Open in Source
#web#ios#mac#apple#buffer_overflow#asus#zero_day#sap#The Hacker News
Update NOW! Pegasus Spyware Exploit Found in iPhones Running Latest iOS

By Waqas If you are using an iPhone, it is time to update it to the latest version RIGHT NOW! This is a post from HackRead.com Read the original post: Update NOW! Pegasus Spyware Exploit Found in iPhones Running Latest iOS

CVE-2023-39240: ASUS RT-AX55、RT-AX56U_V2、RT-AC86U - Format String - 3

It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service.

CVE-2023-39238: ASUS RT-AX55、RT-AX56U_V2、RT-AC86U - Format String - 1

It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service.

CVE-2023-39239

It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service.

CVE-2023-38033: ASUS RT-AC86U - Command injection vulnerability - 3

ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.

CVE-2023-39237: ASUS RT-AC86U - Command injection vulnerability - 5

ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.

CVE-2023-39236: ASUS RT-AC86U - Command injection vulnerability - 4

ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.

CVE-2023-38032: ASUS RT-AC86U - Command injection vulnerability - 2

ASUS RT-AC86U AiProtection security- related function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.

CVE-2023-38031: ASUS RT-AC86U - Command injection vulnerability - 1

ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.