Tag

Zero Day Flaws

All articles tagged with #zero day flaws

technology · 1 year ago

"Apple Urges Immediate Device Updates to Fix Actively Exploited iOS Zero-Day Flaws"

Apple has released critical security updates to address two actively exploited zero-day vulnerabilities in iOS and iPadOS that allow attackers to bypass kernel memory protections. The updates are available for specific device models, and this marks the third zero-day flaw addressed by Apple in 2024. Additionally, the U.S. CISA has added two more known exploited vulnerabilities to its catalog, urging federal agencies to apply necessary updates by March 26, 2024.

cybersecurity · 1 year ago

"Ivanti Zero-Day Vulnerabilities Spark Security Concerns"

Ivanti has disclosed two new high-severity zero-day flaws in its Connect Secure and Policy Secure products, one of which is already being actively exploited. The vulnerabilities are a privilege escalation flaw and a server-side request forgery issue. Ivanti has released fixes for the affected versions and recommends that customers factory reset their appliance before applying the patch. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning that adversaries are leveraging these flaws to capture credentials and compromise enterprise networks.

technology · 2 years ago

Apple's Emergency Updates Patch Critical Security Flaws on Older iPhones

Apple has released emergency security updates to address two zero-day vulnerabilities found in the WebKit browser engine, which is used by Safari across Apple's platforms. These flaws could allow attackers to access sensitive data and execute arbitrary code on unpatched devices. The updates cover older iPhones, Apple Watch, and Apple TV models. The vulnerabilities were discovered by a security researcher from Google's Threat Analysis Group (TAG), and while Apple has not provided details on their exploitation, Google TAG has previously identified zero-day flaws used in state-sponsored surveillance attacks. This marks the 20th zero-day vulnerability patched by Apple this year.

cyber-threat-vulnerability · 2 years ago

Cisco Devices Hacked with Evading Backdoor Implant and Zero-Day Exploits

The backdoor implant on hacked Cisco devices, which exploited zero-day flaws in IOS XE software, has been modified by the threat actor to evade detection. The implant now only responds if the correct Authorization HTTP header is set, making it harder to detect. Cisco has started rolling out security updates to address the issues, but the exact identity of the threat actor is unknown. The number of compromised devices has decreased from 40,000 to a few hundred, possibly due to under-the-hood changes. Over 37,000 devices are still observed to be compromised.

technology · 2 years ago

Apple Releases Urgent Updates to Fix 3 Zero-Day Vulnerabilities

Apple has released security patches to address three zero-day vulnerabilities that were actively exploited in iOS, iPadOS, macOS, watchOS, and Safari. This brings the total number of zero-day bugs discovered in Apple software this year to 16. The vulnerabilities include a certificate validation issue, a security flaw in the kernel, and a WebKit flaw that could lead to arbitrary code execution. The flaws may have been used in targeted spyware attacks against individuals at risk. Apple recently resolved two other zero-days used in the Pegasus spyware attack.

technology · 2 years ago

Apple's Urgent Response: Patching Zero-Day Flaws Targeted by Pegasus Spyware on iPhones

Apple has released emergency security updates for its operating systems to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus spyware. The vulnerabilities, one found by Citizen Lab and the other discovered internally by Apple, allow for arbitrary code execution and have been weaponized as part of a zero-click iMessage exploit chain named BLASTPASS. The flaws bypass Apple's BlastDoor sandbox framework and have been used to compromise fully-patched iPhones running the latest version of iOS. This comes as the Chinese government bans the use of iPhones and other foreign-branded devices by central and state government officials due to cybersecurity concerns.

cybersecurity · 2 years ago

US Govt and Apple Issue Urgent Patches for iPhone Vulnerabilities

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has ordered federal agencies to patch three recently discovered zero-day flaws affecting iPhones, Macs, and iPads that have been exploited in attacks. The bugs allow attackers to access sensitive information and execute arbitrary code. Apple has acknowledged that the flaws may have been actively exploited. The affected devices include iPhone 6s and later, iPads, Macs, Apple Watches, and Apple TVs. The bugs were addressed in recent updates, and federal agencies must apply the patches by June 12th, 2023. The flaws were likely exploited in state-sponsored spyware attacks.

zero-day-endpoint-security · 2 years ago

Apple Releases Emergency Patches for 3 Zero-Day Vulnerabilities.

Apple has released emergency security updates for iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address three new zero-day vulnerabilities that are being actively exploited in the wild. The flaws are related to WebKit and could allow malicious actors to break out of the Web Content sandbox, disclose sensitive information, and execute arbitrary code. Apple has credited researchers from Google's Threat Analysis Group and Amnesty International's Security Lab for reporting the flaws. This marks the sixth time Apple has remediated actively exploited zero-days since the start of 2023.

technology · 2 years ago

Apple issues emergency patches for zero-day vulnerabilities on iPhones, iPads, and Macs.

Apple has released emergency updates to address two actively exploited zero-day flaws affecting older iPhones, iPads, and Macs. The flaws were reported by security researchers and were being exploited in attacks as part of an exploit chain. Apple has patched the bugs in iOS 15.7.5 and iPadOS 15.7.5, macOS Monterey 12.6.5, and macOS Big Sur 11.7.6 by improving input validation and memory management. The company has also patched the flaws on several devices, including iPhone 6s, iPhone 7, iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), iPod touch (7th generation), and Macs running macOS Monterey and Big Sur.

technology · 2 years ago

"Apple Urges Immediate Updates to Patch Critical Security Flaws on iPhones, iPads, and Macs"

Apple has released emergency security updates to fix zero-day vulnerabilities that have already been exploited by hackers to attack iPhones, iPads, and Macs. The first flaw is an IOSurfaceAccelerator out-of-bounds write that could lead to data corruption, crashes, or code execution. The second zero-day is a WebKit use-after-free flaw that allows for data corruption or arbitrary code execution. Apple has fixed both vulnerabilities with the release of iOS 16.4.1, iPadOS 16.4.1, macOS Ventura 13.3.1, and Safari 16.4.1. Users are advised to install the latest updates to protect their devices from cyberattacks and malware.