Apple released a security update for iOS and iPadOS to patch multiple vulnerabilities, including one that could leak sensitive information when visiting a malicious website and one that allows an attacker to display false information in the address bar.
In total, 29 vulnerabilities were patched, most of them in WebKit, Apple’s web rendering engine that powers Safari and renders webpages in other apps. The update is available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- In-depth analysis of July 2023 exploit chain featuring CVE-2023-36884 and CVE-2023-36584
November 13, 2023
During their analysis of a July 2023 campaign targeting groups supporting Ukraine’s admission into NATO, Unit 42 researchers discovered a new vulnerability for bypassing Microsoft’s Mark-of-the-Web (MotW) security feature. This activity has been attributed by the community to the pro-Russian APT group known as Storm-0978 (also known as the RomCom Group, in reference to their use ...
- Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
November 10, 2023
On October 31, 2023, Atlassian published an advisory on CVE-2023-22518, an Improper authorization vulnerability involving the Confluence Data Center and Server. Initially reported to cause data loss, it was eventually revealed that exploiting this vulnerability allows unauthorized users to reset and create a Confluence instance administrator account, allowing them to perform all admin privileges available to ...
- Maine government says data breach affects 1.3 million people
November 10, 2023
The government of Maine has confirmed over a million individuals had personal information stolen in a data breach earlier this year by a Russia-linked ransomware gang. In a statement published Thursday, the Maine government said hackers exploited a vulnerability in its MOVEit file-transfer system, which stored sensitive data on state residents. The hackers used the vulnerability ...
- CVE-2023-5950 Rapid7 Velociraptor Reflected XSS
November 10, 2023
This advisory covers a specific issue identified in Velociraptor and disclosed by a security code review. CVSS · HIGH · 8.6/10 · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Scoring scenario: GENERAL AattackVector: NETWORK AttackComplexity: LOW PrivilegesRequired: NONE Read more… Source: Rapid7
- CVE-2023-47246: SysAid Zero-Day Vulnerability Exploited By Lace Tempest
November 9, 2023
On November 8, 2023, IT service management company SysAid disclosed CVE-2023-47426, a zero-day path traversal vulnerability affecting on-premise SysAid servers. According to Microsoft’s threat intelligence team, it has been exploited in the wild by DEV-0950 (Lace Tempest) in “limited attacks.” In a social media thread published the evening of November 8, Microsoft emphasized that Lace Tempest ...
- SysAid warns customers to patch after ransomware gang caught exploiting new zero-day flaw
November 9, 2023
Software maker SysAid is warning customers that hackers linked to a notorious ransomware gang are exploiting a newly discovered vulnerability in its widely used IT service automation software. SysAid chief technology officer Sasha Shapirov confirmed in a blog post Wednesday that attackers are exploiting a zero-day flaw affecting its on-premises software. A vulnerability is considered a ...