Apple released a security update for iOS and iPadOS to patch multiple vulnerabilities, including one that could leak sensitive information when visiting a malicious website and one that allows an attacker to display false information in the address bar.
In total, 29 vulnerabilities were patched, most of them in WebKit, Apple’s web rendering engine that powers Safari and renders webpages in other apps. The update is available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- SolarWinds Releases Critical Security Updates for Access Rights Manager
February 19, 2024
SolarWinds has released security updates addressing five remote code execution (RCE) vulnerabilities in Access Rights Manager (ARM). Path traversal vulnerabilities, CVE-2024-23476 and CVE-2024-23479, are both rated as critical with a CVSSv3 score of 9.6. An unauthenticated attacker could exploit these vulnerabilities, which could lead to RCE. Read more… Source: NHS Digital
- Microsoft Exchange vulnerability actively exploited
February 16, 2024
As it turns out, there was another actively exploited vulnerability included in Microsoft’s patch Tuesday updates for February. When Microsoft said in its update guide for CVE-2024-21410 that the vulnerability was likely to be exploited by attackers, they weren’t kidding. Soon after they changed the status to “Exploitation Detected”. The Exchange vulnerability is listed in the ...
- China: Foreign cyber spies attack information systems of key departments, enterprises, stealing sensitive data
February 16, 2024
China’s Ministry of State Security warned on Friday that in recent years, national security agencies have discovered that foreign cyber spies have continuously attacked the information systems of key departments and enterprises within China, resulting in the theft of important sensitive data and posing a threat to China’s data security and cybersecurity. The ministry released an ...
- Android/SpyNote Moves to Crypto Currencies
February 15, 2024
Like much Android malware today, this malware abuses the Accessibility API. This API is used to automatically perform UI actions. For example, the malicious sample uses the Accessibility API to record device unlocking gestures. Newer, this SpyNote sample uses the Accessibility API to target famous crypto wallets. Read more… Source: Fortinet
- The Risks Of The #Monikerlink Bug In Microsoft Outlook And The Big Picture
February 14, 2024
Recently, Check Point Research released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook to help the industry understand the security risks the popular Outlook app may bring into organizations. As mentioned in the paper, Check Point researches discovered an interesting ...
- CVE-2023-47218: QNAP QTS and QuTS Hero Unauthenticated Command Injection (FIXED)
February 13, 2024
Rapid7 has identified an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry- and mid-level Network Attached Storage (NAS) devices, and QuTS hero is a core part of the firmware for numerous QNAP high-end and enterprise NAS devices. ...