New Apple Safari 15 vulnerability allows cross-site tracking of users’ data

A software flaw in Apple Safari 15’s implementation of the IndexedDB API could be used by a malicious website to track users’ online activities and worse expose their identities.    IndexedDB is a low-level JavaScript API for maintaining NoSQL databases of structured data items such as files and blobs that are supplied by web browsers. … Continue reading “New Apple Safari 15 vulnerability allows cross-site tracking of users’ data”

Apple releases emergency update to address the arbitrary code execution zero-day vulnerability (CVE-2021-30883)

On Monday, Apple released an iPhone security update to fix a major vulnerability that is being exploited in the wild. With the latest patch, the corporation has now resolved a total of 17 zero-days in 2021 – a new high.    The vulnerability CVE-2021-30883 involves a memory corruption flaw in the IOMobileFrameBuffer component. This flaw allows an application to run arbitrary … Continue reading “Apple releases emergency update to address the arbitrary code execution zero-day vulnerability (CVE-2021-30883)”

Apple Arbitrary Code Injection Vulnerability (CVE-2021-30869)

Apple provided security fixes to address a zero-day vulnerability on Thursday. The attackers have used it in the wild to break into iPhones and Macs running older versions of iOS and macOS. Apple has also provided patches for a previously patched security flaw exploited by NSO Group’s Pegasus surveillance tool to target iPhone users.  CVE-2021-30869 is a zero-day vulnerability. This is a type-confusion hole in Apple’s … Continue reading “Apple Arbitrary Code Injection Vulnerability (CVE-2021-30869)”

Apple Zero-Day Arbitrary Code Execution Vulnerabilities (CVE-2021-30858 and CVE-2021-30860)

Apple released an emergency security release on September 13, 2021 to address two arbitrary code execution vulnerabilities, CVE-2021-30858 and CVE-2021-30860. According to Apple, both vulnerabilities allow maliciously crafted documents to execute arbitrary code on vulnerable devices. Apple addressed the issue saying, “Apple is aware of a report that this issue may have been actively exploited.” … Continue reading “Apple Zero-Day Arbitrary Code Execution Vulnerabilities (CVE-2021-30858 and CVE-2021-30860)”

Apple Wireless Direct Link (AWDL) Denial of Service vulnerability(CVE-2020-3843)

Overview Apple Wireless Direct Link (AWDL), the wireless protocol that ensures uninterrupted communications among various Apple devices globally, was recently infected by, a trivial bug resulting into buffer overflow via kernel memory corruption in wi-fi driver of AWDL. Ian Beer, a google project zero researcher detailed out this vulnerability was exploitable on various iPhones and other iOS devices until May 2020. … Continue reading “Apple Wireless Direct Link (AWDL) Denial of Service vulnerability(CVE-2020-3843)”

Kr00k Wi-Fi Vulnerability (CVE-2019-15126)

Summary: In last week of February,2020, after MSPT, a serious vulnerability in Wi-Fi chips, formally known as CVE-2019-15126., very well known as Kr00K in the wild. Krook was hot topic to be discussed in RSA conference 2020. Description: What is Kr00k? Krook is a vulnerability  of the wireless egress packet implementation and processing of certain … Continue reading “Kr00k Wi-Fi Vulnerability (CVE-2019-15126)”

Out-of-Order Execution Side-Channel attack [Spectre/Meltdown]

A flaw in Out-of-Order execution mechanism allows user level programs to leak addresses of kernel and process memory space. This vulnerability can be exploited to bypass KASLR as well as CPU security features like SMAP,SMEP,NX and PXN. It can be exploited to bypass OS process isolation. The issue affects processors from Intel, AMD ,ARM, Samsung and … Continue reading “Out-of-Order Execution Side-Channel attack [Spectre/Meltdown]”

BlueBorne: Bluetooth Attack Vector

A new attack vector called ‘BlueBorne‘ has been discovered. The name is a play on the word ‘airborne’ as it allows attackers to take over devices on air-gapped networks. This attack was disclosed by Armis Lab. The vulnerabilities exploited by this attack affects Android, Linux, Windows, and iOS version less than 10. Targets can be compromised regardless of the … Continue reading “BlueBorne: Bluetooth Attack Vector”