Apple Security Advisory 05-11-2026-2

Apple Security Advisory 05-11-2026-2 - iOS 18.7.9 and iPadOS 18.7.9 addresses buffer overflow, bypass, code execution, denial of service, information leakage, integer overflow, out of bounds write, resource exhaustion, and use-after-free vulnerabilities...

Rethinking Side-Channel Analysis: Automated Discovery and Analysis of Side-Channel Leakage with LLM-Assisted Agents

Side-channel attacks exploit unintended information leakage from system behavior and continue to pose serious privacy risks in modern platforms. Despite extensive prior work, side-channel analysis remains largely manual and fragmented, typically assuming predefined target events and a fixed set o...

CVE-2021-47973 Sticky Notes Widget 3.0.6 Denial of Service via Buffer Overflow

Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger ...

EUVD-2021-34832

Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger ...

CVE-2021-47973

CVE-2021-47973 relates to Sticky Notes Widget 3.0.6, where a denial-of-service can be triggered by pasting extremely long strings into note fields. The issue is demonstrated by a payload of 350,000 repeated characters pasted into a new note (twice) to crash the iOS application. Affected component...

SUSE CVE-2026-8560

Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-8584

Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-8585

Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-8560

Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-8560

Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-8585

Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-8585

Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-8584

Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-8585

Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-8585

Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-8584

Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-8560

Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-8560

Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-28958

A flaw was found in WebKitGTK. Processing or loading malicious web content can allow an app to access sensitive user data due to improper data protection. Mitigation Do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Linux 7, the following packages require...

CVE-2026-28904

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling. Mitigation Do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Linux 7, the following packages require WebKitGTK4:...