#ios

Red Hat Security Advisory 2023-3465-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

trust-dns and trust-dns-server are vulnerable to remotely triggered denial-of-service attacks, consuming both network and CPU resources. DNS messages with the QR=1 bit set are responded to with a `FormErr` response. This allows creating a traffic loop, in which these `FormErr` responses are sent nonstop between vulnerable servers. There are two scenarios how this can be exploited: 1) Create a loop between two instances of trust-dns, consuming network resources, or 2) consuming the CPU of a single instance. With two instances *A* and *B* an attacker sends a DNS query with a spoofed source IP address to *A*. *A* replies with a `FormErr` to *B*. Now both servers with ping-pong the message back and forth until by chance the packet is dropped in the network. Multiple spoofed packets can be sent by the attacker, increasing resource consumption. A single server can get locked up replying to itself. Same setup as above, but now *A* sends the reply to itself. The packet is sent out as fast a...

Instead of scanning iCloud for illegal content, Apple's tech will locally flag inappropriate images for kids. And adults are getting an opt-in nudes filter, too.

A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.

Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion.

Marshall is a senior security strategist for Talos’ Strategic Communications team, specifically focusing on industrial control systems.

Plus: Amazon’s Ring was ordered to delete algorithms, North Korea’s failed spy satellite, and a rogue drone “attack” isn’t what it seems.

A survey of global cybersecurity leaders through the 2023 Certified CISO Hall of Fame Report commissioned by the EC-Council identified 4 primary areas of grave concern: cloud security, data security, security governance, and lack of cybersecurity talent. EC-Council, the global leader in cybersecurity education and training, released its Certified Chief Information Security Officer Hall of Fame

By Waqas The researchers discovered the oldest traces of infection in 2019, and it is believed that the attack is still active. This is a post from HackRead.com Read the original post: Kaspersky Reveals iPhones of Employees Infected with Spyware

Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device.