Apple released a security update for iOS and iPadOS to patch multiple vulnerabilities, including one that could leak sensitive information when visiting a malicious website and one that allows an attacker to display false information in the address bar.
In total, 29 vulnerabilities were patched, most of them in WebKit, Apple’s web rendering engine that powers Safari and renders webpages in other apps. The update is available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hands up who DIDN’T exploit this years-old flaw to ransack a US govt web server…
March 15, 2023
Multiple criminals, including at least potentially one nation-state group, broke into a US federal government agency’s Microsoft Internet Information Services web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution. The snafu happened between November 2022 and early January, according to a joint alert from the FBI, CISA, and America’s Multi-State Information ...
- Magniber ransomware actors used a variant of Microsoft SmartScreen bypass
March 14, 2023
Google’s Threat Analysis Group (TAG) recently discovered usage of an unpatched security bypass in Microsoft’s SmartScreen security feature, which financially motivated actors are using to deliver the Magniber ransomware without any security warnings. The attackers are delivering MSI files signed with an invalid but specially crafted Authenticode signature. The malformed signature causes SmartScreen to return ...
- SAP releases security updates fixing five critical vulnerabilities
March 14, 2023
Software vendor SAP has released security updates for 19 vulnerabilities, five rated as critical, meaning that administrators should apply them as soon as possible to mitigate the associated risks. The flaws fixed this month impact many products, but the critical severity bugs affect SAP Business Objects Business Intelligence Platform (CMC) and SAP NetWeaver. Read more… Source: Bleeping Computer
- Microsoft fixes Windows zero-day exploited in ransomware attacks
March 14, 2023
Microsoft has patched another zero-day bug used by attackers to circumvent the Windows SmartScreen cloud-based anti-malware service and deploy Magniber ransomware payloads without raising any red flags. The attackers have been using malicious MSI files signed with a specially crafted Authenticode signature to exploit this security feature bypass vulnerability (tracked as CVE-2023-24880). Read more… Source: Bleeping Computer Related story: ...
- Fortinet warns of new critical unauthenticated RCE vulnerability
March 8, 2023
Fortinet has disclosed a “Critical” vulnerability impacting FortiOS and FortiProxy, which allows an unauthenticated attacker to execute arbitrary code or perform denial of service (DoS) on the GUI of vulnerable devices using specially crafted requests. This buffer underflow vulnerability is tracked as CVE-2023-25610 and has a CVSS v3 score of 9.3, rating it critical. This type ...
- These DrayTek routers are under actual attack – and there’s no patch
March 8, 2023
If you’re still using post-support DrayTek Vigor routers it may be time to junk them, or come up with some other workaround, as a cunning malware variant is setting up shop in the kit. The operators behind the Hiatus malware campaign are hijacking DrayTek Vigor router models 2960 and 3900 powered by MIPS, i386 and Arm-based ...