Apple Safari, macOS Sequoia, iOS, and iPadOS are vulnerable to two security flaws being exploited in the wild. In the advisory, Apple mentioned that they are aware of a report that the vulnerabilities have been actively exploited on Intel-based Mac systems. Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group discovered both CVE-2024-44308 and … Continue reading “Apple Releases Fixes for Actively Exploited Zero-day Vulnerabilities (CVE-2024-44308 & CVE-2024-44309)”
Tag: Zero-day Vulnerabilities
Ivanti Releases Fixes for Multiple Vulnerabilities Impacting Cloud Services Appliance (CVE-2024-9379, CVE-2024-9380, & CVE-2024-9381)
Ivanti released a patch to address three Cloud Services Appliance (CSA) zero-day vulnerabilities actively exploited in attacks. CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381 are high and medium severity vulnerabilities that may allow an attacker with admin privileges to bypass restrictions, run arbitrary SQL statements, or obtain remote code execution. Ivanti mentioned in the advisory, “We are aware … Continue reading “Ivanti Releases Fixes for Multiple Vulnerabilities Impacting Cloud Services Appliance (CVE-2024-9379, CVE-2024-9380, & CVE-2024-9381)”
Apple Releases Patch for Zero-day Vulnerabilities Used in Attack Against iOS and macOS (CVE-2024-23222, CVE-2023-42916, & CVE-2023-42917)
Threat actors are using CVE-2024-23222, CVE-2023-42916, and CVE-2023-42917 vulnerabilities in attacks against iOS and Macs. Apple has addressed the vulnerabilities in products such as Safari, iOS, iPadOS, macOS, watchOS, and tvOS. Along with the zero-day vulnerability, Apple has addressed multiple vulnerabilities affecting its popular products. CISA has added the CVE-2024-23222 to its Known Exploited Vulnerabilities Catalog, … Continue reading “Apple Releases Patch for Zero-day Vulnerabilities Used in Attack Against iOS and macOS (CVE-2024-23222, CVE-2023-42916, & CVE-2023-42917)”
Apple Addressed Two Zero-day Vulnerabilities Affecting iOS and iPadOS (CVE-2023-42824 & CVE-2023-5217)
Apple has released an emergency update to fix an actively exploited zero-day vulnerability. CVE-2023-42824 is a critical severity vulnerability affecting iPhones and iPads. A local attacker can exploit the vulnerability that exists in the XNU kernel to gain privileges. Apple has fixed the vulnerability with improved checks. Apple has mentioned in their advisories that they … Continue reading “Apple Addressed Two Zero-day Vulnerabilities Affecting iOS and iPadOS (CVE-2023-42824 & CVE-2023-5217)”
Apple Releases Emergency Updates to Address Zero-day Vulnerabilities in macOS Ventura, iOS, and iPadOS (CVE-2023-41064 & CVE-2023-41061)
The Citizen Lab at The University of Torontoʼs Munk School has discovered two critical severity vulnerabilities in Apple macOS Ventura, iOS, and iPadOS. Tracked as CVE-2023-41064 and CVE-2023-41061, the vulnerabilities may allow an attacker to perform arbitrary code execution. Apple is aware of the active exploitation of these vulnerabilities. The Citizen Lab has mentioned in … Continue reading “Apple Releases Emergency Updates to Address Zero-day Vulnerabilities in macOS Ventura, iOS, and iPadOS (CVE-2023-41064 & CVE-2023-41061)”
Multiple Vulnerabilities in Notepad++ Allow Attackers to Perform Arbitrary Code Execution
Notepad++ is vulnerable to multiple buffer overflow vulnerabilities that may allow attackers to execute arbitrary code on target systems. The CVEs are being tracked as CVE-2023-40031, CVE-2023-40036, CVE-2023-40164, and CVE-2023-40166. These vulnerabilities’ severity ratings and CVSS scores range from 5.5 (Medium) to 7.8 (High). Jaroslav Lobačevski discovered the vulnerabilities from GHSL. Don Ho developed Notepad++. … Continue reading “Multiple Vulnerabilities in Notepad++ Allow Attackers to Perform Arbitrary Code Execution”
Adobe ColdFusion Vulnerabilities Exploited in the Attacks in Dropping Webshell (CVE-2023-29298, CVE-2023-29300, and CVE-2023-38203)
Attackers exploit two Adobe ColdFusion vulnerabilities to bypass authentication and perform remote code execution. CVE-2023-29298 and CVE-2023-38203 can be chained to conduct attacks on Adobe ColdFusion environments. CISA has added CVE-2023-29298 and CVE-2023-38205 to its Known Exploited Vulnerabilities Catalog, recommending users patch before August 10. On January 8, 2024, CISA added the CVE-2023-29300 and CVE-2023-38203 … Continue reading “Adobe ColdFusion Vulnerabilities Exploited in the Attacks in Dropping Webshell (CVE-2023-29298, CVE-2023-29300, and CVE-2023-38203)”
Apple Patches Actively Exploited Zero-day Vulnerabilities in iOS and iPadOS (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439)
Apple has released multiple security advisories to address vulnerabilities in macOS, Safari, iOS, and iPadOS. Apple has mentioned in the advisory that they are aware of a report that the vulnerabilities may have been actively exploited. CVE-2023-32434 and CVE-2023-32435 were discovered by Georgy Kucherin, Leonid Bezvershenko, and Boris Larin of Kaspersky, while CVE-2023-32439 was reported to … Continue reading “Apple Patches Actively Exploited Zero-day Vulnerabilities in iOS and iPadOS (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439)”
VMware Workstation and VMware Fusion Zero-day Vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, & CVE-2023-20872)
VMware has released a security advisory to address four vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, & CVE-2023-20872). Out of this, two vulnerabilities can be chained to perform remote code execution on the vulnerable Workstation and Fusion software hypervisors. On the second day of the Pwn2Own Vancouver 2023 hacking competition, the security researchers from the STAR Labs team … Continue reading “VMware Workstation and VMware Fusion Zero-day Vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, & CVE-2023-20872)”
Mozilla Releases Patches for Two Zero-day Vulnerabilities Affecting Firefox and Thunderbird (CVE-2022-1802, CVE-2022-1529)
Mozilla has released a security patch to address two zero-day vulnerabilities (CVE-2022-1802 and CVE-2022-1529) exploited during the Pwn2Own Vancouver 2022 hacking contest. Successful exploitation of these vulnerabilities allows attackers to get JavaScript code execution on mobile and desktop devices running vulnerable versions of Firefox, Firefox ESR, Firefox for Android, and Thunderbird. The ability to … Continue reading “Mozilla Releases Patches for Two Zero-day Vulnerabilities Affecting Firefox and Thunderbird (CVE-2022-1802, CVE-2022-1529)”
