#ios

New features include context-aware, zero-trust data protection on local peripherals and devices.

app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions.

Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS.

By Deeba Ahmed Spyware developer firm Cytrox is under Google’s radar for developing exploits against five 0-day flaws in Android and… This is a post from HackRead.com Read the original post: Predator Spyware Using Zero-day to Target Android Devices

Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.

By Owais Sultan Online gaming has always been the buddy of leisure time because they allow us to bring some enjoyment… This is a post from HackRead.com Read the original post: 5 Casual Games You Can Play on Your Mobile Browser Now

Cisco on Friday rolled out fixes for a medium-severity vulnerability affecting IOS XR Software that it said has been exploited in real-world attacks. Tracked as CVE-2022-20821 (CVSS score: 6.5), the issue relates to an open port vulnerability that could be abused by an unauthenticated, remote attacker to connect to a Redis instance and achieve code execution. "A successful exploit could allow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4.

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support for quantized types, which was added after migration to TensorFlow 2.x. In these scenarios, since the kernel is missing, a `nullptr` value is passed to `ParseDimensionValue` for the `py_value` argument. Then, this is dereferenced, resulting in segfault. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events.