#ios

Cisco on Wednesday rolled out patches for 10 security flaws spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks. The issues, tracked as CVE-2022-20812 and CVE-2022-20813, affect Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) and "could allow a remote attacker to overwrite

Apple on Wednesday announced it plans to introduce an enhanced security setting called Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against "highly targeted cyberattacks." The "extreme, optional protection" feature, now available for preview in beta versions of its upcoming software, is designed to counter a surge in threats posed by private companies

By Waqas External Attack Surface Management (EASM) is a cybersecurity tool that uncovers leaked data and shadow IT that hackers… This is a post from HackRead.com Read the original post: What Makes External Attack Surface Management Essential?

OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack.

Apple's new Lockdown Mode protects devices targeted by sophisticated state-sponsored mercenary spyware attacks.

Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions.

Starting with iOS 16, people who are at risk of being targeted with spyware will have some much-needed help.

Red Hat Security Advisory 2022-5498-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include HTTP request smuggling, buffer overflow, bypass, code execution, cross site scripting, denial of service, heap overflow, information leakage, privilege escalation, remote shell upload, remote SQL injection, and traversal vulnerabilities.

The maintainers of the OpenSSL project have released patches to address a high-severity bug in the cryptographic library that could potentially lead to remote code execution under certain scenarios. The issue, now assigned the identifier CVE-2022-2274, has been described as a case of heap memory corruption with RSA private key operation that was introduced in OpenSSL version 3.0.4 released on

The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient().