Linux Distros Unpatched Vulnerability : CVE-2011-4692

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading,...

PT-2023-8192 · Apple +7 · Ipados +13

Name of the Vulnerable Software and Affected Versions: watchOS versions prior to 10 iOS versions prior to 17 iPadOS versions prior to 17 tvOS versions prior to 17 macOS versions prior to Sonoma 14 Safari versions prior to 17 Description: The issue is related to a use-after-free problem in the...

Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari

Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild. The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors to achieve arbitrary code execution when...

Apple Issues Urgent Security Update for Older iOS and iPadOS Models

Apple on Monday backported fixes for an actively exploited security flaw to older iPhone and iPad models. The issue, tracked as CVE-2023-23529, concerns a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution. It was originally addressed by the tech giant wit...

⚡Top Cybersecurity News Stories This Week — Cybersecurity Newsletter

Hey 👋 there, cyber friends! Welcome to this week's cybersecurity newsletter , where we aim to keep you informed and empowered in the ever-changing world of cyber threats. In today's edition, we will cover some interesting developments in the cybersecurity landscape and share some insightful...

SUSE CVE-2010-1760

loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150...

SUSE CVE-2015-6786

The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy CSP implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:, or filesystem: URL as a match for a pattern, which allows remote attackers to bypass intended scheme...

Update now! Apple patches another actively used zero-day

Apple has released patches for iOS 15.3, iPadOS 15.3, and macOS Monterey 12.2 and is urging users to update. The most significant reasons are two actively exploited zero-day vulnerabilities, one of which has a publicly disclosed Proof-of-Concept PoC. Using this vulnerability, designated...

Apple iOS 缓冲区错误漏洞

Apple iOS is an operating system developed by Apple Inc. for mobile devices. Apple iOS suffers from a buffer error vulnerability that stems from a boundary error in WebKit. The following products and versions are affected: Apple iOS: 12.0 16A366, 12.0 16A367, 12.0.1 16A404, 12.0.1 16A405, 12.1...

WebKitGTK+ WebKitFaviconDatabase DoS

This module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset. If successful, it could lead to application crash, resulting in denial of service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...

UBUNTU-CVE-2013-0912

WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion."...

Webkit Normalize Bug - Android 2.2

LOADING... var elem1 = document.getElementById"test1"; var elem2 = document.getElementById"test2"; var elem3 = document.getElementById"test3"; function spray for var i = 0; i 180000; i++ var s = new Stringunescape"\u0052\u0052"; // "\u0056\u0056" FOR EMULATOR var scode = unescape"\u5200\u5200"; /...

Google Android 2.0 < 2.1 - Code Execution (Reverse Shell 10.0.2.2:2222/TCP)

// bug = webkit code execution CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 // listed as a safari bug but also works on android : //tested = moto droid 2.0.1 , moto droid 2.1 , emulater 2.0 - 2.1 //patched= android 2.2 //author = mj // hardcoded to return a shell to...

CVE-2010-3119

Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not properly support the Ruby language, which allows attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors...