17 matches found
chromium -- security update
Chrome Releases reports: This update includes 1 security fix: 1497859 High CVE-2023-5996: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab via Tianfu Cup 2023 on 2023-10-30...
CVE-2019-16471 Use-After-Free in app.measureDialog - Tianfu Cup
Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2019-16470 CoolType.dll crash - Tianfu Cup
Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
Apple iOS Update Fixes Cringey iPhone 13 Jailbreak Exploit
As if the Log4Shell hellscape wasn’t already driving everybody starkers, it’s time to update iOS 15.2 and a crop of other Apple iGadgets, lest your iPhone get taken over by a malicious app that executes arbitrary code with kernel privileges. To paraphrase one mobile security expert, the iOS 15.2...
Latest Apple iOS Update Patches Remote Jailbreak Exploit for iPhones
Apple on Monday released updates to iOS, macOS, tvOS, and watchOS with security patches for multiple vulnerabilities, including a remote jailbreak exploit chain as well as a number of critical issues in the Kernel and Safari web browser that were first demonstrated at the Tianfu Cup held in China...
Microsoft Issues Patches for Actively Exploited Excel, Exchange Server 0-Day Bugs
Microsoft has released security updates as part of its monthly Patch Tuesday release cycle to address 55 vulnerabilities across Windows, Azure, Visual Studio, Windows Hyper-V, and Office, including fixes for two actively exploited zero-day flaws in Excel and Exchange Server that could be abused t...
Microsoft Nov. Patch Tuesday Fixes Six Zero-Days, 55 Bugs
Microsoft reported a total of 55 vulnerabilities, six of which are rated critical, with the remaining 49 being rated important. The flaws are found in Microsoft Windows and Windows Components, Azure, Azure RTOS, Azure Sphere, Microsoft Dynamics, Microsoft Edge Chromium-based, Exchange Server,...
Google Releases Urgent Chrome Update to Patch 2 Actively Exploited 0-Day Bugs
Google on Thursday rolled out an emergency update for its Chrome web browser, including fixes for two zero-day vulnerabilities that it says are being actively exploited in the wild. Tracked as CVE-2021-38000 and CVE-2021-38003, the weaknesses relate to insufficient validation of untrusted input i...
iPhone 13 Pro, Windows, Chrome, Linux and others pwned at Tianfu Cup
By Waqas Tianfu Cup is the Chinese version of the Pwn2own in Kunlun Lab managed to secure first place by hacking iPhone 13. This is a post from HackRead.com Read the original post: iPhone 13 Pro, Windows, Chrome, Linux and others pwned at Tianfu Cup...
Windows 10, Linux, iOS, Chrome and Many Others at Hacked Tianfu Cup 2021
Windows 10, iOS 15, Google Chrome, Apple Safari, Microsoft Exchange Server, and Ubuntu 20 were successfully broken into using original, never-before-seen exploits at the Tianfu Cup 2021, the fourth edition of the international cybersecurity contest held in the city of Chengdu, China. Targets this...
VMware Fixes Critical Flaw in ESXi Hypervisor
VMware has hurried out fixes for a critical flaw in its ESXi hypervisor, a few weeks after it was found during China’s Tianfu Cup hacking competition. The use-after-free vulnerability CVE-2020-4004 has a CVSS score of 9.3 out of 10, making it critical. It exists in the eXtensible Host Controller...
Tianfu Cup 2020: Hackers pwn Windows, iPhone, Chrome for big bucks
By Sudais Asif In total, ethical hackers earned $1.2 million in the bug bounty competition. This is a post from HackRead.com Read the original post: Tianfu Cup 2020: Hackers pwn Windows, iPhone, Chrome for big bucks...
Windows 10, iOS, Chrome, Firefox and Others Hacked at Tianfu Cup Competition
Multiple software products from Adobe, Apple, Google, Microsoft, Mozilla, and Samsung were successfully pwned with previously unseen exploits in Tianfu Cup 2020, the third edition of the international cybersecurity contest held in the city of Chengdu, China. "Many mature and hard targets have bee...
Windows 10, iOS, Chrome, Firefox and Others Hacked at Tianfu Cup Competition
Multiple software products from Adobe, Apple, Google, Microsoft, Mozilla, and Samsung were successfully pwned with previously unseen exploits in Tianfu Cup 2020, the third edition of the international cybersecurity contest held in the city of Chengdu, China. "Many mature and hard targets have bee...
Tianfu Cup Round-Up: Safari, Chrome, D-Link Routers and Office 365 Successfully Hacked
Hackers over the weekend successfully compromised widely used software and hardware–including browsers Safari and Chrome, D-Link routers and the Office 365 suite–using zero-day vulnerabilities at the annual Tianfu Cup gathering. The hacking competition, held in Chengdu, China, is very similar to...
In-the-wild iOS Exploit Chain 5
Posted by Ian Beer, Project Zero TL;DR This exploit chain is a three way collision between this attacker group, Brandon Azad from Project Zero, and @S0rryMybad from 360 security. On November 17th 2018, @S0rryMybad used this vulnerability to win $200,000 USD at the TianFu Cup PWN competition...
VMSA-2018-0030:VMware Workstation and Fusion updates address an integer overfLOW issue.
VMSA-2018-0030 VMware Workstation and Fusion updates address an integer overflow issue. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0030 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware Workstation and Fusion updates address an...