FreshRSS

🔒
△ 🔃
☐ ☆ ✇ The Hacker News

Apple Issues Updates for Older Devices to Fix Actively Exploited Vulnerability

By Ravie Lakshmanan — January 24th 2023 at 09:21
Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation. The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when processing maliciously crafted web content. While it was originally addressed by the company on November
☐ ☆ ✇ The Hacker News

Cisco Warns of High-Severity Unpatched Flaw Affecting IP Phones Firmware

By Ravie Lakshmanan — December 10th 2022 at 05:52
Cisco has released a new security advisory warning of a high-severity flaw affecting IP Phone 7800 and 8800 Series firmware that could be potentially exploited by an unauthenticated attacker to cause remote code execution or a denial-of-service (DoS) condition. The networking equipment major said it's working on a patch to address the vulnerability, which is tracked as CVE-2022-20968 (CVSS score
☐ ☆ ✇ The Hacker News

Apple Releases iOS Update for Older iPhones to Fix Actively Exploited Vulnerability

By Ravie Lakshmanan — September 1st 2022 at 03:24
Apple on Wednesday backported security updates to older iPhones, iPads, and iPod touch devices to address a critical security flaw that has been actively exploited in the wild. The shortcoming, tracked as CVE-2022-32893 (CVSS score: 8.8), is an out-of-bounds write issue affecting WebKit that could lead to arbitrary code execution when processing maliciously crafted web content. WebKit is the
☐ ☆ ✇ The Hacker News

Xiaomi Phones with MediaTek Chips Found Vulnerable to Forged Payments

By Ravie Lakshmanan — August 12th 2022 at 12:20
Security flaws have been identified in Xiaomi Redmi Note 9T and Redmi Note 11 models, which could be exploited to disable the mobile payment mechanism and even forge transactions via a rogue Android app installed on the devices. Check Point said it found the flaws in devices powered by MediaTek chipsets during a security analysis of the Chinese handset maker's Trusted Execution Environment (TEE)
☐ ☆ ✇ The Hacker News

Hackers Targeting VoIP Servers By Exploiting Digium Phone Software

By Ravie Lakshmanan — July 16th 2022 at 06:33
VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host system," Palo
❌