#ios

During a security audit, [Radically Open Security](https://www.radicallyopensecurity.com/) discovered several reachable edge cases which allow an attacker to trigger `rpgp` crashes by providing crafted data. ### Impact When processing malformed input, `rpgp` can run into Rust panics which halt the program. This can happen in the following scenarios: * Parsing OpenPGP messages from binary or armor format * Decrypting OpenPGP messages via `decrypt_with_password()` * Parsing or converting public keys * Parsing signed cleartext messages from armor format * Using malformed private keys to sign or encrypt Given the affected components, we consider most attack vectors to be reachable by remote attackers during typical use cases of the `rpgp` library. The attack complexity is low since the malformed messages are generic, short, and require no victim-specific knowledge. The result is a denial-of-service impact via program termination. There is no impact to confidentiality or integrity secur...

This is the first of a series of articles in which we will share how confidential computing (a set of hardware and software technologies designed to protect data in use) can be integrated into the Red Hat OpenShift cluster. Our goal is to enhance data security, so all data processed by workloads running on OpenShift can remain confidential at every stage.In this article, we will focus on the public cloud and examine how confidential computing with OpenShift can effectively address the trust issues associated with cloud environments. Confidential computing removes some of the barriers that high

The notorious spyware from Israel's NSO Group has been found targeting journalists, government officials, and corporate executives in multiple variants discovered in a threat scan of 3,500 mobile phones.

The mobile device security firm iVerify has been offering a tool since May that makes spyware scanning accessible to anyone—and it’s already turning up victims.

Proposals from Google and Apple drastically reduce the life cycle of certificates, which should mean more oversight — and hopefully better control.

Websites these days know everything about you — even some details you might not realize. Hackers can take advantage of that with a sharp-toothed attack that exploits Europe's GDPR-mandated data portability rules.

A logo is more than just a visual element—it’s the cornerstone of your brand identity. It communicates your…

Though it's still just a proof of concept, the malware is functional and can evade the Secure Boot process on devices from multiple vendors.

SmokeLoader malware has resurfaced with enhanced capabilities and functionalities, targeting your personal data.

### Impact There is a vulnerability in Traefik that allows the client to provide the `X-Forwarded-Prefix` header from an untrusted source. ### Patches - https://github.com/traefik/traefik/releases/tag/v2.11.14 - https://github.com/traefik/traefik/releases/tag/v3.2.1 ### Workarounds No workaround. ### For more information If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues). <details> <summary>Original Description</summary> ### Summary The previously reported open redirect ([GHSA-6qq8-5wq3-86rp](https://github.com/traefik/traefik/security/advisories/GHSA-6qq8-5wq3-86rp)) is not fixed correctly. The safePrefix function can be tricked to return an absolute URL. ### Details The Traefik API [dashboard component](https://github.com/traefik/traefik/blob/master/pkg/api/dashboard/dashboard.go) tries to validate that the value of the header X-Forwarded-Prefix is a site relative path: ```go http.Redirect(resp, req,...