#ios

Categories: Apple Categories: Exploits and vulnerabilities Categories: News Tags: iOS 16.4.1 Tags: iPadOS 16.4.1 Tags: macOS 13.3.1 Tags: CVE-2023-28206 Tags: CVE-2023-28205 Tags: use-after-free Tags: out-of-bounds write Tags: IOSurfaceAccelerator Apple has released iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1 for the iPhone, iPad, and Mac, respectively, and our advice is to install them as soon as possible. (Read more...) The post Apple releases emergency updates for two known-to-be-exploited vulnerabilities appeared first on Malwarebytes Labs.

Categories: News Tags: TikTok Tags: Super FabriXss Tags: Twitter Tags: macOS malware Tags: ransomware Tags: 2023 State of Malware Tags: Western Digital Tags: Android Tags: endpoint security Tags: ChatGPT Tags: K-12 Tags: IoT Tags: Facebook Tags: targeted advertising Tags: Google Tags: data theft Tags: e-file Tags: tax Tags: Uber breach The most interesting security related news from the week of April 3 - 9. (Read more...) The post A week in security (April 3 - 9) appeared first on Malwarebytes Labs.

<p>For some time now, the conversation around what poses risk in software vulnerabilities has been evolving. It has been gratifying to hear other voices amplifying what I, and generally Red Hat, have been saying for years: not all vulnerabilities in software matter, and not all vulnerabilities in software are created equal. A number of industry leaders in the security space have been saying this, and those voices are becoming louder and harder to ignore. More importantly, as I talk to customers, the message is beginning to resonate. And that’s for one simple reason:</p&a

Unpatched Macs, iPhones, and iPads open to browser takeover and system kernel-level malicious code execution, Apple warns.

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Big Sur 11.7.6, macOS Ventura 13.3.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Ubuntu Security Notice 6002-1 - It was discovered that Irssi incorrectly handled certain internal routines. An attacker could possibly use this issue to cause a crash.

The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in it's settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server (to which the web server has access). The plugin only displays the last 50 lines of the file.

The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the context of any administrator visiting this page.

In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.