Safari, iOS Security Vulnerabilities

nessus

Cisco IOS XE Software Privilege Escalation (cisco-sa-iosxe-priv-esc-seAx6NLX)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability is due to...

6.5CVSS

7.1AI Score

0.0004EPSS

2024-04-15 12:00 AM
9
nessus

Ubuntu 22.04 LTS / 23.10 : WebKitGTK vulnerabilities (USN-6732-1)

The remote Ubuntu 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6732-1 advisory. An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS...

8.8CVSS

7.5AI Score

0.001EPSS

2024-04-15 12:00 AM
10
nessus

Cisco Access Point Software Secure Boot Bypass (cisco-sa-ap-secureboot-bypass-zT5vJkSD)

According to its self-reported version, Cisco Access Point Software Secure Boot Bypass is affected by a vulnerability. A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and...

5.9CVSS

7AI Score

0.0004EPSS

2024-04-15 12:00 AM
7
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2024:1270-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1270-1 advisory. An inconsistent user interface issue was addressed with improved state management. This issue...

8.8CVSS

7.5AI Score

0.001EPSS

2024-04-13 12:00 AM
8
nessus

SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2024:1269-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1269-1 advisory. An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and...

8.8CVSS

8.1AI Score

0.001EPSS

2024-04-13 12:00 AM
7
nessus

Cisco IOS XE Software Locator ID Separation Protocol DoS (cisco-sa-lisp-3gYXs3qP)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to...

8.6CVSS

7AI Score

0.0004EPSS

2024-04-12 12:00 AM
11
nessus

Cisco IOS Software Locator ID Separation Protocol DoS (cisco-sa-lisp-3gYXs3qP)

According to its self-reported version, Cisco IOS is affected by a vulnerability. A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload....

8.6CVSS

7AI Score

0.0004EPSS

2024-04-12 12:00 AM
9
nessus

Cisco IOS XE Software DHCP Snooping with Endpoint Analytics DoS (cisco-sa-dhcp-dos-T3CXPO9z)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of...

8.6CVSS

7.3AI Score

0.0004EPSS

2024-04-12 12:00 AM
13
nessus

Cisco IOS XE Software Auxiliary Asynchronous Port DoS (cisco-sa-aux-333WBz8f)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This...

5.6CVSS

5.6AI Score

0.0004EPSS

2024-04-12 12:00 AM
28
nessus

Cisco IOS XE Software OSPFv2 DoS (cisco-sa-iosxe-ospf-dos-dR9Sfrxp)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in...

7.4CVSS

7.2AI Score

0.0004EPSS

2024-04-12 12:00 AM
5
nessus

Cisco IOS XE Software for Wireless LAN Controllers Multicast DNS DoS (cisco-sa-wlc-mdns-dos-4hv6pBGf)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service...

7.4CVSS

7.1AI Score

0.0004EPSS

2024-04-12 12:00 AM
10
malwarebytes

Apple warns people of mercenary attacks via threat notification system

Apple has reportedly sent alerts to individuals in 92 nations on Wednesday, April 10, to say it's detected that they may have been a victim of a mercenary attack. The company says it has sent out these types of threat notifications to over 150 countries since the start in 2021. Mercenary spyware...

7.1AI Score

2024-04-11 07:51 PM
10
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 193 vulnerabilities disclosed in 154...

9.9CVSS

9.8AI Score

0.082EPSS

2024-04-11 05:23 PM
33
thn

Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks

Apple on Wednesday revised its documentation pertaining to its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks. It also specifically called out companies like NSO Group for developing commercial surveillance....

7.4AI Score

2024-04-11 06:44 AM
21
amazon

Medium: webkitgtk4

Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service. (CVE-2023-42956) A logic issue was addressed with improved validation. This issue is fixed....

6.5CVSS

6.2AI Score

0.001EPSS

2024-04-11 01:07 AM
6
wpvulndb

App Builder < 3.8.8 - Open Redirection

Description The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.8.7. This is due to insufficient validation on the redirect url supplied via the 'url' parameter. This makes it possible for...

4.7CVSS

6.5AI Score

0.001EPSS

2024-04-11 12:00 AM
5
malwarebytes

How to protect yourself from online harassment

It takes a little to receive a lot of online hate today, from simply working as a school administrator to playing a role in a popular movie or video game. But these moments of personal crisis have few, immediate solutions, as the current proposals to curb and stem online harassment zero in on the.....

7.6AI Score

2024-04-10 07:19 PM
7
osv

yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)

Summary The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in --exec,...

8.3CVSS

9.2AI Score

0.005EPSS

2024-04-10 05:07 PM
8
github

yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)

Summary The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in --exec,...

8.3CVSS

7.6AI Score

0.005EPSS

2024-04-10 05:07 PM
12
malwarebytes

A week in security (April 1 – April 7)

A list of topics we covered in the week of April 1 to April 7 of 2024 Last week on Malwarebytes Labs: 60% of small businesses are concerned about cybersecurity threats Cookie consent choices are just being ignored by some websites Bing ad for NordVPN leads to SecTopRAT Jackson County hit by...

7AI Score

2024-04-08 08:18 AM
5
githubexploit

Exploit for CVE-2024-25733

ARC Browser Address Bar Spoofing - iOS/iPadOS...

7.3AI Score

2024-04-06 08:18 PM
83
cve

CVE-2024-31215

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...

6.3CVSS

6.3AI Score

0.001EPSS

2024-04-04 04:15 PM
35
nvd

CVE-2024-31215

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...

6.3CVSS

6AI Score

0.001EPSS

2024-04-04 04:15 PM
1
osv

CVE-2024-31215

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...

6.3CVSS

6.5AI Score

0.001EPSS

2024-04-04 04:15 PM
8
cvelist

CVE-2024-31215 Mobile Security Framework (MobSF) vulnerable to Server-Side Request Forgery (SSRF) in firebase database check

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...

6.3CVSS

6.2AI Score

0.001EPSS

2024-04-04 04:10 PM
nessus

Cisco Access Points Managed from Catalyst DoS (cisco-sa-ap-dos-h9TGGX6W)

According to its self-reported version, Cisco access points managed by this Cisco Catalyst 9800 Series Wireless Controller are affected by a denial of service vulnerability. Due to insufficient input validation of certain IPv4 packets, an unauthenticated, remote attacker can cause attached...

8.6CVSS

6.9AI Score

0.0004EPSS

2024-04-04 12:00 AM
12
malwarebytes

Google patches critical vulnerability for Androids with Qualcomm chips

In April’s update for the Android operating system (OS), Google has patched 28 vulnerabilities, one of which is rated critical for Android devices equipped with Qualcomm chips. You can find your device’s Android version number, security update level, and Google Play system level in your Settings...

9.8CVSS

8.6AI Score

0.001EPSS

2024-04-03 08:40 PM
24
cve

CVE-2024-20310

A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface. This vulnerability exists...

6.1CVSS

5.9AI Score

0.0004EPSS

2024-04-03 05:15 PM
38
cve

CVE-2024-31393

Dragging JavaScript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections. This vulnerability affects Firefox for iOS <...

6.2AI Score

0.0004EPSS

2024-04-03 04:15 PM
35
nvd

CVE-2024-31393

Dragging JavaScript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections. This vulnerability affects Firefox for iOS <...

6AI Score

0.0004EPSS

2024-04-03 04:15 PM
debiancve

CVE-2024-31393

Dragging JavaScript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections. This vulnerability affects Firefox for iOS <...

6.5AI Score

0.0004EPSS

2024-04-03 04:15 PM
4
cve

CVE-2024-31392

If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status. This vulnerability affects Firefox for iOS <...

6.1AI Score

0.0004EPSS

2024-04-03 04:15 PM
35
debiancve

CVE-2024-31392

If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status. This vulnerability affects Firefox for iOS <...

6.5AI Score

0.0004EPSS

2024-04-03 04:15 PM
9
nvd

CVE-2024-31392

If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status. This vulnerability affects Firefox for iOS <...

5.9AI Score

0.0004EPSS

2024-04-03 04:15 PM
cisco

Cisco Unified Communications Manager IM & Presence Service Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface. This vulnerability exists...

6.1AI Score

0.0004EPSS

2024-04-03 04:00 PM
10
cvelist

CVE-2024-31393

Dragging JavaScript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections. This vulnerability affects Firefox for iOS <...

6.2AI Score

0.0004EPSS

2024-04-03 03:19 PM
2
cvelist

CVE-2024-31392

If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status. This vulnerability affects Firefox for iOS <...

6.1AI Score

0.0004EPSS

2024-04-03 03:19 PM
ubuntucve

CVE-2024-31392

If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status. This vulnerability affects Firefox for iOS < 124. Notes Author| Note ---|--- tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine mdeslaur |.....

6.1AI Score

0.0004EPSS

2024-04-03 12:00 AM
9
packetstorm

7.2AI Score

0.0004EPSS

2024-04-03 12:00 AM
102
nessus

Cisco IOS Software for Catalyst 6000 Series Switches DoS (cisco-sa-ios-dos-Hq4d3tZG)

According to its self-reported version, Cisco IOS is affected by a vulnerability. A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly. This vulnerability is due...

7.4CVSS

7.1AI Score

0.0004EPSS

2024-04-03 12:00 AM
5
ubuntucve

CVE-2024-31393

Dragging JavaScript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections. This vulnerability affects Firefox for iOS < 124. Notes Author| Note ---|--- tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine mdeslaur | starting with.....

6.2AI Score

0.0004EPSS

2024-04-03 12:00 AM
7
malwarebytes

Trusted Advisor now available for Mac, iOS, and Android

First released for Windows last year, the Malwarebytes Trusted Advisor dashboard is also now available on Mac, iOS and Android. Our Trusted Advisor dashboard provides an easy-to-understand assessment of your device’s security, with a single comprehensive protection score, and clear, expert-driven.....

6.9AI Score

2024-04-02 02:12 PM
9
nvd

CVE-2023-6951

A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi-Fi network. This, in turn, allows the attacker to perform unauthorized interaction...

6.6CVSS

6.4AI Score

0.0004EPSS

2024-04-02 11:15 AM
cve

CVE-2023-6951

A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi-Fi network. This, in turn, allows the attacker to perform unauthorized interaction...

6.6CVSS

6.8AI Score

0.0004EPSS

2024-04-02 11:15 AM
32
cvelist

CVE-2023-6951

A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi-Fi network. This, in turn, allows the attacker to perform unauthorized interaction...

6.6CVSS

6.6AI Score

0.0004EPSS

2024-04-02 10:28 AM
mozilla

Security Vulnerabilities fixed in Firefox for iOS 124 — Mozilla

Dragging JavaScript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections. If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security...

7AI Score

0.0004EPSS

2024-04-02 12:00 AM
6
nvd

CVE-2024-3130

Hard-coded credentials in the CoolKit eWeLlink app before 5.4.x on Android and iOS allow a local attacker to gain unauthorized access to sensitive data via the decryption algorithm and key obtained after decompiling...

5.7CVSS

5.4AI Score

0.0004EPSS

2024-04-01 10:15 AM
cve

CVE-2024-3130

Hard-coded credentials in the CoolKit eWeLlink app before 5.4.x on Android and iOS allow a local attacker to gain unauthorized access to sensitive data via the decryption algorithm and key obtained after decompiling...

5.7CVSS

6.4AI Score

0.0004EPSS

2024-04-01 10:15 AM
26
cvelist

CVE-2024-3130 Insecure Data Storage leading to sensitive Information disclosure.

Hard-coded credentials in the CoolKit eWeLlink app before 5.4.x on Android and iOS allow a local attacker to gain unauthorized access to sensitive data via the decryption algorithm and key obtained after decompiling...

5.7CVSS

5.7AI Score

0.0004EPSS

2024-04-01 09:13 AM
cve

CVE-2024-28895

'Yahoo! JAPAN' App for Android v2.3.1 to v3.161.1 and 'Yahoo! JAPAN' App for iOS v3.2.2 to v4.109.0 contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the WebView of 'Yahoo! JAPAN' App via other app installed on the user's...

5.9AI Score

0.0004EPSS

2024-04-01 01:15 AM
6
Total number of security vulnerabilities: 31933