Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Apple ID scam leads to $27,000 in-person theft of Ohio man

An Ohio man lost $27,000 after an Apple ID scam text hit his phone. The strangest part? It happened at his doorstep.

Malwarebytes
Open in Source
#ios#android#mac#apple#git
New 'Shade BIOS' Technique Beats Every Kind of Security

What if malware didn't require an operating system to function? How would anyone possibly notice, let alone disable it?

GHSA-4r7w-q3jg-ff43: OpenEXR Out of Bounds Heap Read due to Bad Pointer Arithmetic in LossyDctDecoder_execute

### Summary The OpenEXRCore code is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. ### Details In the `LossyDctDecoder_execute` function (from `src/lib/OpenEXRCore/internal_dwa_decoder.h`, when SSE2 is enabled), the following code is used to copy data from the chunks: ```cpp // no-op conversion to linear for (int y = 8 * blocky; y < 8 * blocky + maxY; ++y) { __m128i* restrict dst = (__m128i *) chanData[comp]->_rows[y]; __m128i const * restrict src = (__m128i const *)&rowBlock[comp][(y & 0x7) * 8]; for (int blockx = 0; blockx < numFullBlocksX; ++blockx) { _mm_storeu_si128 (dst, _mm_loadu_si128 (src)); // src += 8 * 8; // <--- si128 pointer incremented as a uint16_t dst += 8; } } ``` The issue arises because the `src` pointer, which is a `si128` pointer, is incremented by `8*8`, as if it were a `uint16_t` pointer...

Prison visitor details shared with all inmates at correctional facility

A Florida correctional institution leaked the names, email addresses, and telephone numbers of visitors to the facility to every inmate.

That seemingly innocent text is probably a scam

Scammers are using texts that appear to have been sent to a wrong number to get targets to engage in a conversation.

.NET Bounty Program now offers up to $40,000 in awards 

We’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers. The .NET Bounty Program now offers awards up to $40,000 USD for vulnerabilities impacting the .NET and ASP.NET Core (including Blazor and Aspire).

.NET Bounty Program now offers up to $40,000 in awards 

We’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers. The .NET Bounty Program now offers awards up to $40,000 USD for vulnerabilities impacting the .NET and ASP.NET Core (including Blazor and Aspire).

VPN use rises following Online Safety Act’s age verification controls

VPN use is skyrocketing across the UK as the region's Online Safety Act places age verification controls on adult websites.

VPN use rises following Online Safety Act’s age verification controls

VPN use is skyrocketing across the UK as the region's Online Safety Act places age verification controls on adult websites.

Apple patches multiple vulnerabilities in iOS and iPadOS. Update now!

Apple has released important security updates for iOS and iPadOS patching 29 vulnerabilities, mostly in WebKit.