#ios

### Summary Insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over outbound headers. ### Details Outbound `trillium_http::HeaderValue` and `trillium_http::HeaderName` can be constructed infallibly and were not checked for illegal bytes when sending requests from the client or responses from the server. Thus, if an attacker has sufficient control over header values (or names) in a request or response that they could inject `\r\n` sequences, they could get the client and server out of sync, and then pivot to gain control over other parts of requests or responses. (i.e. exfiltrating data from other requests, SSRF, etc.) ### Patches #### trillium-http >= 0.3.12: * If a header name is invalid in server response headers, the specific header and any associated values are omitted from network transmission. * If a header value is invalid in server response headers, the individual ...

NSO Group, creator of the infamous Pegasus spyware, is spending millions on lobbying in Washington while taking advantage of the crisis in Gaza to paint itself as essential for global security.

Apple has released new security updates for several products including a patch for a zero-day vulnerability which may have been exploited.

Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild. The issue, tracked as CVE-2024-23222, is a type confusion bug that could be exploited by a threat actor to achieve arbitrary code execution when processing maliciously crafted web content. The tech giant said the problem

## Issue 1: Failure to quote characters Affected versions of this crate allowed the bytes `{` and `\xa0` to appear unquoted and unescaped in command arguments. If the output of `quote` or `join` is passed to a shell, then what should be a single command argument could be interpreted as multiple arguments. This does not *directly* allow arbitrary command execution (you can't inject a command substitution or similar). But depending on the command you're running, being able to inject multiple arguments where only one is expected could lead to undesired consequences, potentially including arbitrary command execution. The flaw was corrected in version 1.2.1 by escaping additional characters. Updating to 1.3.0 is recommended, but 1.2.1 offers a more minimal fix if desired. Workaround: Check for the bytes `{` and `\xa0` in `quote`/`join` input or output. (Note: `{` is problematic because it is used for glob expansion. `\xa0` is problematic because it's treated as a word separator in [...

Apple’s iOS 17.3 introduces Stolen Device Protection to iPhones, which could stop phone thieves from taking over your accounts. Here’s how to enable it right now.

By Owais Sultan Deloitte Partners with Memcyco to Combat ATO and Other Online Attacks with Real-Time Digital Impersonation Protection Solutions. This is a post from HackRead.com Read the original post: Deloitte Teams Up with Memcyco for Real-Time Digital Impersonation Protection

The Backup Operators is a Windows built-in group. Users which are part of this group have permissions to perform backup and restore operations. More specifically,… Continue reading → Domain Escalation – Backup Operator

The Backup Operators is a Windows built-in group. Users which are part of this group have permissions to perform backup and restore operations. More specifically,… Continue reading → Domain Escalation – Backup Operator

An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been linked to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. "UNC3886 has a track record of utilizing zero-day vulnerabilities to complete their mission without being detected, and this latest example further