Monday, January 24, 2022
Apple

Apple ColorSync Out-Of-Bounds Read

Apple ColorSync suffers from out-of-bounds read vulnerabilities due to integer overflows in curve table initialization.
Apple

Apple Security Advisory 2022-01-12-1

Apple Security Advisory 2022-01-12-1 - iOS 15.2.1 and iPadOS 15.2.1 addresses denial of service and resource exhaustion vulnerabilities.
Apple

Apple Security Advisory 2021-12-15-7

Apple Security Advisory 2021-12-15-7 - Safari 15.2 addresses buffer overflow, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
Apple

Apple Security Advisory 2021-12-15-6

Apple Security Advisory 2021-12-15-6 - watchOS 8.3 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
Apple

Apple Security Advisory 2021-12-15-5

Apple Security Advisory 2021-12-15-5 - tvOS 15.2 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
Apple

Apple Security Advisory 2021-12-15-4

Apple Security Advisory 2021-12-15-4 - Security Update 2021-008 Catalina addresses buffer overflow, bypass, code execution, heap corruption, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple

Apple Security Advisory 2021-12-15-3

Apple Security Advisory 2021-12-15-3 - macOS Big Sur 11.6.2 addresses buffer overflow, bypass, code execution, heap corruption, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple

Apple Security Advisory 2021-12-15-2

Apple Security Advisory 2021-12-15-2 - macOS Monterey 12.1 addresses buffer overflow, bypass, code execution, heap corruption, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple

Apple Security Advisory 2021-12-15-1

Apple Security Advisory 2021-12-15-1 - iOS 15.2 and iPadOS 15.2 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple

Apple ColorSync CMMNDimLinear::Interpolate Uninitialized Memory

Apple ColorSync suffers from a use of uninitialized memory in CMMNDimLinear::Interpolate.
Apple

Apple Security Advisory 2021-10-26-11

Apple Security Advisory 2021-10-26-11 - tvOS 15 addresses bypass, code execution, denial of service, out of bounds read, and use-after-free vulnerabilities.
Apple

Apple Security Advisory 2021-10-26-10

Apple Security Advisory 2021-10-26-10 - watchOS 8 addresses bypass, code execution, denial of service, out of bounds read, and use-after-free vulnerabilities.
Apple

Apple Security Advisory 2021-10-26-9

Apple Security Advisory 2021-10-26-9 - iOS 15 and iPadOS 15 addresses code execution, denial of service, out of bounds read, spoofing, and use-after-free vulnerabilities.
Apple

Apple Security Advisory 2021-10-26-8

Apple Security Advisory 2021-10-26-8 - Safari 15 addresses bypass, code execution, and use-after-free vulnerabilities.
Apple

Apple Security Advisory 2021-10-26-7

Apple Security Advisory 2021-10-26-7 - tvOS 15.1 addresses buffer overflow, code execution, cross site scripting, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists

State-sponsored cyberattackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data.

The Case for Backing Up Source Code

As enterprise data security concerns grow, security experts urge businesses to back up their GitLab, GitHub, and BitBucket repositories.

Surge in Malicious QR Codes Sparks FBI Alert

QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data and money, and drop malware.

Dark Souls 3 Servers Shut Down Due to Critical RCE Bug

The bug can allow attackers to remotely execute code on gamers’ computers. The devs temporarily deactivated PvP servers across multiple affected versions.
TechRepublic

REvil gang member arrests strike fear among cybercriminals on the Dark Web

Dark Web forum posts uncovered by Trustwave show that the recent arrests in Russia have triggered major concerns among fellow criminals.