Oct 05, 2024Ravie LakshmananData Privacy / Mobile Security Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user’s passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords … Read more
Weird Zimbra Vulnerability Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit. In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren’t likely to lead to mass infections that could install ransomware or … Read more
Sep 13, 2024Ravie LakshmananDigital Actuality / Vulnerability Particulars have emerged a few now-patched safety flaw impacting Apple’s Imaginative and prescient Professional blended actuality headset that, if efficiently exploited, may permit malicious attackers to deduce knowledge entered on the machine’s digital keyboard. The assault, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865. “A novel assault … Read more
Sep 14, 2024Ravie LakshmananEnterprise Safety / Risk Intelligence Ivanti has revealed {that a} newly patched safety flaw in its Cloud Service Equipment (CSA) has come underneath lively exploitation within the wild. The high-severity vulnerability in query is CVE-2024-8190 (CVSS rating: 7.2), which permits distant code execution underneath sure circumstances. “An OS command injection vulnerability in … Read more
Apache patched a bypass vulnerability in its extensively used Apache OFBiz open-source enterprise useful resource and planning software program that would have led to an unauthenticated distant code execution on the Linux and Home windows platforms. In a Sept. 5 weblog submit, researchers at Rapid7 defined that even an attacker missing legitimate credentials may exploit … Read more