#ios

Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation. The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when processing maliciously crafted web content. While it was originally addressed by the company on November

Categories: Apple Categories: Exploits and vulnerabilities Categories: News Tags: iOS 12.5.7 Tags: CVE-2022-42856 Tags: type confusion Tags: WebKit Apple has now released security content for iOS 12.5.7 which includes a patch for an actively exploited vulnerability in WebKit and many other updates. (Read more...) The post Own an older iPhone? Check you're on the latest version to avoid this bug appeared first on Malwarebytes Labs.

Meta Platforms on Monday announced that it has started to expand global testing of end-to-end encryption (E2EE) in Messenger chats by default. "Over the next few months, more people will continue to see some of their chats gradually being upgraded with an extra layer of protection provided by end-to-end encryption," Meta's Melissa Miranda said. The social media behemoth said it intends to notify

Categories: Apple Categories: News Tags: VASTFLUX Tags: HUMAN Tags: fast flux Tags: VAST Tags: Matryoshka Tags: JavaScript Tags: JS Tags: iOS Tags: ad fraud Tags: malvertising Tags: Video Ad Serving Template Tags: VAST Tags: command-and-control Tags: C2 An evasive ad fraud campaign affecting iOS users has come to light. It’s called VASTFLUX. (Read more...) The post VASTFLUX ad fraud massively affected millions of iOS devices, dismantled appeared first on Malwarebytes Labs.

OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter.

Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UFS Boot feature to boot from UFS compliant storage devices. The UFS Boot feature, as specified in the UFS standard, is provided by UFS devices to support platforms that need to download the system boot loader from external non-volatile storage locations. Several scenarios have been identified in which adversaries may disable the boot capability, or revert to an old boot loader code, if the host boot ROM code is improperly implemented. UFS Host Boot ROM implementers may be impacted by this vulnerability. UFS devices are only impacted when connected to a vulnerable UFS Host and are not independently impacted by this vulnerability. When present, the vulnerability is in the UFS Host implementation and is not a vulnerability in Western Digital UFS Devices. Western Digital has provided details of...

Security leaders must build resiliency against these complex attacks immediately.

By Deeba Ahmed Roaming Mantis malware was last seen in April 2018 targeting iOS and Android devices with cryptocurrency mining malware but this time, it has new DNS changer capabilities. This is a post from HackRead.com Read the original post: Roaming Mantis Malware Returns with DNS Changer Capability

The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clear_all_cache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear the plugin's cache.

A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.