zero day

CISA adds zero-day bugs in iPhones, Macs, and iPads to its Known Exploited Vulnerabilities catalog

US Cybersecurity and Infrastructure Security Agency (CISA) added two flaws in iPhones, Macs, and iPads to its Known Exploited Vulnerabilities catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following five new issues to its Known Exploited Vulnerabilities Catalog: This week Apple has released emergency security updates to address the above actively exploited zero-day […]

The post CISA adds zero-day bugs in iPhones, Macs, and iPads to its Known Exploited Vulnerabilities catalog appeared first on Security Affairs.

April 10, 2023
0 comment
Read More >>

Apple addressed two actively exploited zero-day flaws

Apple released emergency security updates to address two actively exploited zero-day vulnerabilities impacting iPhones, Macs, and iPads. Apple has released emergency security updates to address two actively exploited zero-day vulnerabilities, tracked as CVE-2023-28205 and CVE-2023-28206, impacting iPhones, Macs, and iPads. Impacted devices include: Both vulnerabilities were reported by Clément Lecigne of Google’s Threat Analysis Group […]

The post Apple addressed two actively exploited zero-day flaws appeared first on Security Affairs.

April 7, 2023
0 comment
Read More >>

Google TAG shares details about exploit chains used to install commercial spyware

Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. Google’s Threat Analysis Group (TAG) shared details about two distinct campaigns which used several zero-day exploits against Android, iOS and Chrome. The experts pointed out that both campaigns were limited and highly targeted. The threat actors behind […]

The post Google TAG shares details about exploit chains used to install commercial spyware appeared first on Security Affairs.

March 29, 2023
0 comment
Read More >>

Apple fixes recently disclosed CVE-2023-23529 zero-day on older devices

Apple released updates to backport security patches that address actively exploited CVE-2023-23529 WebKit zero-day for older iPhones and iPads. Apple released security updates to backport patches that address an actively exploited zero-day flaw (CVE-2023-23529) for older iPhones and iPads. The CVE-2023-23529 flaw is a type confusion issue in WebKit that was addressed by the IT giant with […]

The post Apple fixes recently disclosed CVE-2023-23529 zero-day on older devices appeared first on Security Affairs.

March 28, 2023
0 comment
Read More >>

Hacks at Pwn2Own Vancouver 2023

An impressive array of hacks were demonstrated at the first day of the Pwn2Own conference in Vancouver:

On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3.

The first to fall was Adobe Reader in the enterprise applications category after Haboob SA’s Abdul Aziz Hariri (@abdhariri) used an exploit chain targeting a 6-bug logic chain abusing multiple failed patches which escaped the sandbox and bypassed a banned API list on macOS to earn $50,000…

March 27, 2023
0 comment
Read More >>

City of Toronto is one of the victims hacked by Clop gang using GoAnywhere zero-day

Clop ransomware gang added the City of Toronto to the list of its victims, it is another organization compromised by exploiting GoAnywhere zero-day. Clop ransomware gang added the City of Toronto to the list of victims published on its Tor leak site. The City was targeted as part of a campaign exploiting the recently disclosed zero-day vulnerability in […]

The post City of Toronto is one of the victims hacked by Clop gang using GoAnywhere zero-day appeared first on Security Affairs.

March 24, 2023
0 comment
Read More >>