#ios

### Summary Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the fail of a websocket handshake will trigger a local reply leading to the crash of Envoy. ### PoC If both websocket and ext_proc are enabled, a failed handshake will trigger a local reply, thus ext_proc will crash. ### Mitigation 1. Disable websocket traffic 2. Change the websocket response from backend to always return `101 Switch protocol` based on RFC. 3. Apply the patch and the ext_proc filter will not send the local reply that is generated by Envoy to the ext_proc server for processing. 4. Apply the patch that the router will cancel the upstream requests when sending a local reply. ### Impact Denial of service ### Reporter Vasilios Syrakis Fernando Cainelli

Amid growing concerns over Big Tech firms aligning with Trump administration policies, people are starting to move their digital lives to services based overseas. Here's what you need to know.

Citizen Lab's investigation reveals sophisticated spyware attacks exploiting WhatsApp vulnerabilities, implicating Paragon Solutions. Learn how their research exposed these threats and the implications for digital privacy.

Experts are warning about the proliferating market for targeted spyware and espionage. Why should we be concerned?

A new Zimperium report reveals that rooted Android phones and jailbroken iOS devices face growing threats, with advanced toolkits making detection nearly impossible for cybersecurity researchers.

Microsoft refuses to patch serious Windows shortcut vulnerability abused in global espionage campaigns!

Do you need to permanently and securely delete photos from an iPhone to prevent unauthorized access? Simply deleting…

### Impact If the Expr expression parser is given an **unbounded input string**, it will attempt to compile the *entire* string and generate an Abstract Syntax Tree (AST) node for each part of the expression. In scenarios where input size isn’t limited, a malicious or inadvertent extremely large expression can consume excessive memory as the parser builds a huge AST. This can ultimately lead to **excessive memory usage** and an **Out-Of-Memory (OOM) crash** of the process. This issue is relatively uncommon and will only manifest when there are **no restrictions on the input size**, i.e. the expression length is allowed to grow arbitrarily large. In typical use cases where inputs are bounded or validated, this problem would not occur. ### Patches The problem has been **patched** in the latest versions of the Expr library. The fix introduces compile-time limits on the number of AST nodes and memory usage during parsing, preventing any single expression from exhausting resources. Users ...

In its latest research report, cybersecurity firm Veriti has spotted active exploitation of a vulnerability within OpenAI’s ChatGPT…

StilachiRAT: Sophisticated malware targets crypto wallets & credentials. Undetected, it maps systems & steals data. Microsoft advises strong security measures.