Vulnerability fixed in Microsoft Authenticator app

Microsoft has fixed a vulnerability in the Authenticator app for Android and iOS. A malicious party could exploit the vulnerability to gain access to sensitive data. Successful abuse requires the malicious party to trick the victim into installing a rogue app. This app can then be misused to...

Vulnerabilities fixed in Apple iOS and iPadOS

Apple fixed vulnerabilities in iOS and iPadOS versions 18.7.3 and 26.2 The vulnerabilities include a use-after-free issue, a memory corruption, and a logging issue that allowed unauthorized access to sensitive user data. These vulnerabilities could be exploited by malicious parties via specially...

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed several vulnerabilities in iOS and iPadOS. The vulnerabilities include memory management issues, unauthorized access to sensitive user data, and the ability for applications to escape their sandbox environments. These vulnerabilities could lead to unauthorized access, data...

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Included in this update are updates to closed-source components from Qualcomm, Imagination Technologies and MediaTek. Samsung has fixed vulnerabilities in Samsung Mobile that are relevant to Samsung mobile devices. A malicious party can exploit the...

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Included in this update are updates to closed-source components from Qualcomm, Imagination Technologies and MediaTek. Samsung has fixed vulnerabilities in Samsung Mobile that are relevant to Samsung mobile devices. A malicious party can exploit the...

Social Media Monitoring and Rogue App Detection in Akamai Brand Protector

...

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Remote code execution Administrator/Root rights - Remote code execution User rights - Access to...

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS Data manipulation. Remote code execution User rights Access to sensitive data Access to system data Successful...

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remot...

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS. A malicious party could exploit the vulnerabilities to circumvent a security measure circumvention or to grant himself elevated privileges and possibly execute code execute code with higher privileges than the user. Successful exploitation requires the...

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed several vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root righ...

Vulnerabilities fixed in Apple macOS

Apple has fixed several vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remote...

Vulnerabilities fixed in Android

Google has fixed vulnerabilities in the Android operating system. A malicious person could exploit them to cause the following categories of damage: Remote code execution Administrator/Root privileges Access to sensitive data Access to system data Increased user privileges To exploit the...

Researchers Find Counterfeit Phones with Backdoor to Hack WhatsApp Accounts

Budget Android device models that are counterfeit versions associated with popular smartphone brands are harboring multiple trojans designed to target WhatsApp and WhatsApp Business messaging apps. The malware, which Doctor Web first came across in July 2022, were discovered in the system partiti...

Vulnerability fixed in Apple iOS and iPadOS

Apple has fixed a vulnerability in iOS and iPadOS. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code with kernel privileges and thus access gain access to sensitive information or possibly install more malware install. Apple reports receiving reports...

Vulnerabilities fixed in Google Android

Google has fixed vulnerabilities in the Android OS. A malicious party can misuse the vulnerabilities to execute arbitrary code execute arbitrary code, gain access to sensitive data or to give themselves elevated privileges. To do this, the malicious party must trick the victim into installing a...

Vulnerabilities fixed in Apple macOS & iOS

Vulnerabilities have been fixed in macOS Catalina. The vulnerability with reference CVE-2021-30869 allows a malicious person to execute execute arbitrary code with root privileges. The malicious person must install a rogue application to exploit the vulnerability. exploit. Apple indicates that...

New Android Malware Steals Banking Passwords, Private Data and Keystrokes

A new type of mobile banking malware has been discovered abusing Android's accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes. Called "EventBot" by Cybereason researchers, the malware is...

Apple Takes Heat Over 'Vulnerable' iOS Cut-and-Paste Data

Any cut-and-paste data temporarily stored to an iPhone or iPad’s memory can be accessed by all apps installed on the specific device – even malicious ones. That data can then reveal private information such as a user’s GPS coordinates, passwords, banking data or a spreadsheet copied into an email...

A week in security (September 2 – 8)

Last week on Malwarebytes Labs, we looked at a smart social engineering toolkit, delved into TrickBot tampering with trusted texts, and explained five ways to help keep remote workers safe. Other cybersecurity news A new Chinese Deepfake app is under fire for privacy concerns related to the use o...