WebKit vulnerabilities refer to security flaws in Apple’s web rendering engine, which powers Safari, Mail, and the App Store on iOS and macOS.
What this means is that the CVE-2026-20643 vulnerability makes it possible for a malicious website to pretend to be another site, maybe one you trust, and then read or steal information that should be kept separate. Normally, browsers enforce a rule called the “same‑origin policy,” which is like a strict fence that stops one site from peeking into another site’s data. This bug could help cybercriminals cut through that fence. In practical terms, an attacker would first have to lure you to a specially crafted web page.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hackers are using this new attack method to target power companies
July 10, 2017
Phishing emails, used to steal credentials from critical infrastructure firms, can silently harvest data without even using macros, researchers have warned. Hackers are targeting energy companies, including those working in nuclear power and other critical infrastructures providers, with a technique that puts a new spin on a tried-and-tested form of cyberattack. Phishing has long been a successful ...
- Intel AMT bug bit Siemens industrial PCs
July 3, 2017
You don’t need state-sponsored hackers to crack industrial control systems, just an empty Intel AMT login – something Siemens started patching against last week. The bug in Intel’s Active Management Technology emerged in June. It allowed a user to exploit AMT features with an empty login string, and has been shipping in processors since 2010. In Siemens’s ...
- Wikileaks Reveals CIA Malware that Hacks & Spy On Linux Computers
June 30, 2017
WikiLeaks has just published a new batch of the ongoing Vault 7 leak, this time detailing an alleged CIA project that allowed the agency to hack and remotely spy on computers running the Linux operating systems. Dubbed OutlawCountry, the project allows the CIA hackers to redirect all outbound network traffic on the targeted computer to CIA ...
- Your Linux Machine Can Be Hacked Remotely With Just A Malicious DNS Response
June 28, 2017
A critical vulnerability has been discovered in Systemd, the popular init system and service manager for Linux operating systems, that could allow remote attackers to potentially trigger a buffer overflow to execute malicious code on the targeted machines via a DNS response. The vulnerability, designated as CVE-2017-9445, actually resides in the ‘dns_packet_new‘ function of ‘systemd-resolved,’ a ...
- Siemens Patches Vulnerabilities in SIMATIC CP, XHQ
June 23, 2017
Siemens patched two vulnerabilities in products commonly found in industrial control system setups this week. If exploited the flaws could allow an attacker to perform administrative actions or gain read access to sensitive data on affected systems. Siemens patched one issue (.PDF) on Tuesday and the other on Thursday (.PDF) this week. ICS-CERT, the Department of ...
- Virgin Media tells 800,000 users to change passwords over hub hacking risk
June 23, 2017
Virgin Media is advising more than 800,000 customers with a specific router to change their password immediately after an investigation found hackers could gain access to it. Virgin Media said the risk to customers with a Super Hub 2 router was small, but advised them to change both their network and router passwords if they were ...