Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

CVE-2023-33293: KaiOS 3.0 App Install Exposure

An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on *.localhost with subdomains for each installed applications, e.g., myapp.localhost. An attacker can make fetch requests to api-deamon to determine if a given app is installed and read the manifest.webmanifest contents, including the app version.

CVE
#web#ios#android#git#auth#firefox
CVE-2023-31923

Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with "User Operator" privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation, which can be exploited to gain full administrator privileges on the system.

CVE-2023-25537: DSA-2023-098: Security Update for Dell PowerEdge 14G Server BIOS for an Out of Bounds Write Vulnerability

Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.

A week in security (May 15-21)

Categories: News Tags: Week in security Tags: May 2023 The most interesting security-related news of the week from May 15-21. (Read more...) The post A week in security (May 15-21) appeared first on Malwarebytes Labs.

Confidential Containers on Azure with OpenShift: A technical deep dive

Red Hat OpenShift sandboxed containers has taken a significant step forward in workload and data security by adopting the components and principles of the CNCF Confidential Containers (CoCo) open source project and the underlying Trusted Execution Environment (TEE) technology. The first blog in the series introduced the OpenShift sandboxed containers with support for confidential containers solution on Microsoft Azure and targeted use cases. Learn more about Confidential Containers In this blog, we're focusing on the specifics of the CoCo components. We'll break down the major elements,

CVE-2023-33250: KASAN: slab-use-after-free Read in iopt_unmap_iova_range

The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c.

A TikTok ‘Car Theft’ Challenge Is Costing Hyundai $200 Million

Plus: The FBI gets busted abusing a spy tool, an ex-Apple engineer is charged with corporate espionage, and collection of airborne DNA raises new privacy risks.

Samsung Devices Under Active Exploitation! CISA Warns of Critical Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a medium-severity flaw affecting Samsung devices. The issue, tracked as CVE-2023-21492 (CVSS score: 4.4), impacts select Samsung devices running Android versions 11, 12, and 13. The South Korean electronics giant described the issue as an information disclosure flaw that could be exploited by a

OpenAI Launches ChatGPT App for iOS, Bolstering Accessibility and Safety

By Habiba Rashid While the ChatGPT app is currently available exclusively for iOS users, OpenAI assures Android users that they are next in line to experience the benefits of the app. This is a post from HackRead.com Read the original post: OpenAI Launches ChatGPT App for iOS, Bolstering Accessibility and Safety