Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS.
To check if you’re using the latest software version, go to Settings (or System Settings) > General > Software Update. It’s also worth turning on Automatic Updates if you haven’t already, which you can do on the same screen. Noteworthy is a vulnerability in the open-source XML parser libexpat tracked as CVE-2024-45490. This vulnerability has been patched in several popular applications since it was discovered in August.
Read more…
Source: Malwarebytes Labs
Related:
- Apple security updates fix 2 zero-days used to hack iPhones, Macs
August 17, 2022
Apple has released emergency security updates today to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs. Zero-day vulnerabilities are security flaws known by attackers or researchers before the software vendor has become aware or been able to patch them. In many cases, zero-days have public proof-of-concept exploits or are actively ...
- Google, Apple squash exploitable browser bugs
August 17, 2022
Google has issued 11 security fixes for desktop Chrome, including one bug that has an exploit for it out in the wild. That high-severity vulnerability, tracked as CVE-2022-2856, is an improper input validation bug, and as per usual, Google doesn’t release many details about it until the bulk of Chrome users are updated and the code ...
- Palo Alto Networks Releases Security Update for PAN-OS
August 10, 2022
Palo Alto Networks has released a security update to address a vulnerability in PAN-OS firewall configurations. A remote attacker could exploit this vulnerability to conduct a reflected denial-of service. CISA encourages users and administrators to review the Palo Alto Networks Security Advisory CVE-2022-0028 and apply the necessary updates or workarounds. Read more… Source: U.S. Cybersecurity and Infrastructure Security ...
- 730K WordPress sites force-updated to patch critical plugin bug
June 16, 2022
WordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, have been force-updated en masse this week to a new build that addresses a critical security vulnerability likely exploited in the wild. The vulnerability is a code injection vulnerability affecting multiple Ninja Forms releases, starting with version 3.0 and up. Wordfence threat ...
- Microsoft fixes under-attack Windows zero-day Follina
June 15, 2022
Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities. Follina, eventually acknowledged by Redmond in a security advisory last month, is the most significant of the bunch as it has already been exploited in the wild. Criminals and ...
- Android patches incoming for NAS-ty memory overwrite flaw
June 3, 2022
A critical flaw in the LTE firmware of the fourth-largest smartphone chip biz in the world could be exploited over the air to block people’s communications and deny services. The vulnerability in the baseband – or radio modem – of UNISOC’s chipset was found by folks at Check Point Research who were looking for ways the ...