
16 matches found

Cvelist
added 2026/05/12 8:2 p.m. | 25 views

CVE-2026-44225 Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

CVSS 9.3 | EPSS 0.00041
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-16184

Malware in sbrugna...

CVSS 5.3 | AI score 7.4 | EPSS 0.00178
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-8971

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.3 | EPSS 0.00132
Exploits: 0 | References: 4

RedhatCVE
added 2025/04/02 11:12 p.m. | 6 views

CVE-2025-24221

This issue was addressed with improved data access restriction. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, visionOS 2.4. Sensitive keychain data may be accessible from an iOS backup...

CVSS 7.5 | AI score 5.8 | EPSS 0.00132
Exploits: 0 | References: 1

NVD
added 2025/03/31 11:15 p.m. | 6 views

CVE-2025-24221

This issue was addressed with improved data access restriction. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, visionOS 2.4. Sensitive keychain data may be accessible from an iOS backup...

CVSS 7.5 | EPSS 0.00132
Exploits: 0 | References: 6

Vulnrichment
added 2025/03/31 10:22 p.m. | 5 views

CVE-2025-24221

This issue was addressed with improved data access restriction. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6. Sensitive keychain data may be accessible from an iOS backup...

AI score 6.1 | EPSS 0.00132
Exploits: 0 | References: 3

CVE
added 2025/03/31 10:22 p.m. | 59 views

CVE-2025-24221

CVE-2025-24221 affects Apple devices and is addressed by patches in visionOS 2.4, iOS 18.4, iPadOS 18.4, and iPadOS 17.7.6. The root cause is improved data access restriction that prevents unauthorized exposure of keychain data in iOS backups. Impact is that sensitive keychain data may have been ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00132
Exploits: 0 | References: 6 | Affected Software: 3

Apple
added 2025/03/31 12:0 a.m. | 28 views

About the security content of iPadOS 17.7.6

About the security content of iPadOS 17.7.6 This document describes the security content of iPadOS 17.7.6. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

CVSS 10 | AI score 9 | EPSS 0.13072
Exploits: 7 | References: 1 | Affected Software: 1

CNNVD
added 2025/03/31 12:0 a.m. | 1 views

Apple iOS and Apple iPadOS Security Vulnerability

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS and Apple iPadOS that stems from insufficiently restricted data access, which...

CVSS 7.5 | AI score 6.2 | EPSS 0.00132
Exploits: 0 | References: 1

The Hacker News
added 2024/03/30 7:16 a.m. | 32 views

Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware

Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users. The ongoing infostealer attacks targeting macOS users may have adopted different methods to compromise victims' Macs, but operate with the end...

AI score 6.7
Exploits: 0

Trend Micro Simply Security
added 2022/11/16 12:0 a.m. | 11 views

Pilfered Keys: Free App Infected by Malware Steals Keychain Data

Open-source applications are a practical way to save money while keeping up with your productivity. However, this can be abused by threat actors to steal your data. Find out how one app was used to gather information of Apple users...

AI score 2.7
Exploits: 0

Hacker One
added 2019/12/19 11:0 p.m. | 9 views

QIWI: Keychain data persistence may lead to account takeover

Summary: When a user deletes the Qiwi iOS application, the Keychain isn't wiped, and on the first Qiwi launch after re-installation the Keychain isn't wiped as well. It allows an attacker (a possible buyer of a second-hand iPhone) to take over the account. Steps to reproduce: 1. Find somebody who uses Qiwi phone enumeration may...

AI score 6.2
Exploits: 0

ThreatPost
added 2019/08/30 3:48 p.m. | 144 views

iPhone Zero-Days Anchored Watering-Hole Attacks

A total of 14 iPhone vulnerabilities – including two that were zero-days when discovered — have been targeted by five exploit chains in a watering hole attack that has lasted years. The watering holes deliver a spyware implant that can steal private data like iMessages, photos and GPS location in...

CVSS 9.3 | AI score 8.3 | EPSS 0.04869
Exploits: 2 | References: 6

Prion
added 2017/10/23 1:29 a.m. | 11 views

Security feature bypass

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Security" component. It allows attackers to track users across installs via a crafted app that leverages Keychain data mishandling...

CVSS 5 | AI score 3.9 | EPSS 0.00178
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2017/10/23 1:0 a.m. | 13 views

CVE-2017-7146

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Security" component. It allows attackers to track users across installs via a crafted app that leverages Keychain data mishandling...

AI score 4 | EPSS 0.00178
Exploits: 0 | References: 2

CNVD
added 2015/12/13 12:0 a.m. | 1 views

Apple OS X Keychain Entry Access Vulnerability

Apple OS X is an operating system developed by Apple Inc. Apple OS X has a security vulnerability that allows an attacker to exploit the vulnerability to access the target user's Keychain entries and obtain sensitive information...

CVSS 4.3 | AI score 6.6 | EPSS 0.00524
Exploits: 0 | References: 1