64 matches found
GHSA-7XPV-4PM9-XCH2 mx-chain-go does not treat invalid transaction with wrong username correctly
Impact: Metachain cannot process a cross-shard miniblock. An invalid transaction with the wrong username on metachain is not treated correctly on the metachain transaction processor. This is strictly a processing issue that could have happened on MultiversX chain. If an error like this had occurre...
Cross site scripting
mx-chain-go is an implementation of the MultiversX blockchain protocol written in the Go language. Metachain cannot process a cross-shard miniblock. Prior to version 1.4.16, an invalid transaction with the wrong username on metachain is not treated correctly on the metachain transaction processor...
CVE-2023-33964
mx-chain-go corresponds to MultiversX chain code. Before version 1.4.16, an invalid cross-shard miniblock caused by a wrong username on metachain was not handled correctly, potentially stopping notarization of shard blocks. The patch introduced processIfTxErrorCrossShard in the metachain transact...
CVE-2023-33964 mx-chain-go does not treat invalid transaction with wrong username correctly
mx-chain-go is an implementation of the MultiversX blockchain protocol written in the Go language. Metachain cannot process a cross-shard miniblock. Prior to version 1.4.16, an invalid transaction with the wrong username on metachain is not treated correctly on the metachain transaction processor...
MacOS Malware: Myth vs. Truth – Podcast
Remember those ads with a sneezing guy in a suit who says he’s a PC and to stay away, he’s got that nasty virus that’s going around? “That’s OK,” says the young, hip guy in blue jeans: He’s a Mac. … as if any machine that runs code could possibly be immune to malware…? Boy, was that a stretch. Th...
Exploit for Out-of-bounds Write in Apple Macos
CVE-2021-30853 A simple POC script to test for CVE-2021-30657...
Old Gatekeeper bypass vulnerability in macOS exploited
THREAT LEVEL: Amber. A gatekeeper bypass vulnerability exists in macOS Big Sur and has been assigned CVE-2021-30853. An attacker can exploit this issue by using a specially-crafted script-based application downloaded from the Internet. This allow...
Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security
Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to "trivially and reliably" bypass a "myriad of foundational macOS security mechanisms" and run arbitrary code. Security researcher Patrick Wardle detailed the discove...
Exploit for Missing Authorization in Apple Mac_Os_X
CVE-2021-30657 A simple POC for CVE-2021-30657 affecting MacOS...
Apple confirms Macs get malware
Anyone following the court case between Epic and Apple is undoubtedly already aware of the "bombshell" dropped by Apple's Craig Federighi yesterday. For those not in the know, Federighi, as part of his testimony relating to the security of Apple's mobile device operating system, iOS, stated that "w...
Apple Patches Zero-Day MacOS Bypass Bug
Apple patched a zero-day vulnerability in its MacOS that can bypass critical anti-malware capabilities and which a variant of the notorious Mac threat Shlayer adware dropper already has been exploiting for several months. Security researcher Cedric Owens first discovered the vulnerability, tracke...
Hackers Exploit 0-Day Gatekeeper Flaw to Attack macOS Computers
Security is only as strong as the weakest link. As further proof of this, Apple released an update to macOS operating systems to address an actively exploited zero-day vulnerability that could circumvent all security protections, thus permitting unapproved software to run on Macs. The macOS flaw,...
A week in security (August 31 – September 6)
Last week on Malwarebytes Labs, we dug into security hubris on the Lock and Code podcast, explored ways in which Apple’s notarization process may not be hitting all the right notes, and detailed a new web skimmer. We also explained how to keep distance learners secure, talked about PCI DSS...
Apple Accidentally Notarizes Shlayer Malware Used in Adware Campaign
Apple accidentally approved one of the most popular Mac malware threats – OSX.Shlayer – as part of its security notarization process. The Apple notary service is an automated system on recent macOS versions that scans software ranging from macOS apps, kernel extensions, disk images and installer...
Apple’s notarization process fails to protect
In macOS Mojave, Apple introduced the concept of notarization, a process that developers can go through to ensure that their software is malware-free and must go through for their software to run on macOS Catalina. This is meant to be another layer in Apple's protection against malware...
Apple Accidentally Approved Malware to Run on MacOS
The ubiquitous Shlayer adware has picked up a new trick, slipping past Cupertino's “notarization” defenses for the first time...
Black Hat 2020: 'Zero-Click' MacOS Exploit Chain Uses Microsoft Office Macros
A new “zero-click” MacOS exploit chain could allow attackers to deliver malware to MacOS users using a Microsoft Office document with macros. The attack bypasses security measures that both Microsoft and Apple have put in place to protect MacOS users from malicious macros. The exploit chain,...
CVE-2020-11694
In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3...