Saturday, July 20, 2019
Apple

iPhone iMessage Malformed Message Bricking

An issue exists where a malformed iMessage can brick an iPhone. A method in IMCore can throw an NSException due to a malformed message containing a property with key IMExtensionPayloadLocalizedDescriptionTextKey with a value that is not an NSString.
Apple

Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation

This Metasploit module exploits a command injection in TimeMachine on macOS
Apple

Apple Security Advisory 2019-6-20-1

Apple Security Advisory 2019-6-20-1 - AirPort Base Station Firmware Update 7.8.1 is now available and addresses denial of service and null pointer vulnerabilities.
Apple

Apple Security Advisory 2019-5-30-1

Apple Security Advisory 2019-5-30-1 - AirPort Base Station Firmware Update 7.9.1 is now available and addresses denial of service and null pointer vulnerabilities.
Apple

Apple Security Advisory 2019-5-28-1

Apple Security Advisory 2019-5-28-1 - iTunes for Windows 12.9.5 is now available and addresses code execution vulnerabilities.
Apple

Apple Security Advisory 2019-5-28-2

Apple Security Advisory 2019-5-28-2 - iCloud for Windows 7.12 is now available and addresses code execution vulnerabilities.
Apple

Visual Voicemail For iPhone IMAP NAMESPACE Use-After-Free

Visual Voicemail for iPhone suffers from a use-after-free vulnerability in IMAP NAMESPACE processing.
Apple

Apple Security Advisory 2019-5-13-5

Apple Security Advisory 2019-5-13-5 - Safari 12.1.1 is now available and addresses code execution vulnerabilities.
Apple

Apple Security Advisory 2019-5-13-6

Apple Security Advisory 2019-5-13-6 - Apple TV Software 7.3 is now available and addresses buffer overflow and code execution vulnerabilities.
Apple

Apple Security Advisory 2019-5-13-4

Apple Security Advisory 2019-5-13-4 - watchOS 5.2.1 is now available and addresses code execution vulnerabilities.
Apple

Apple Security Advisory 2019-5-13-3

Apple Security Advisory 2019-5-13-3 - tvOS 12.3 is now available and addresses code execution vulnerabilities.
Apple

Apple Security Advisory 2019-5-13-2

Apple Security Advisory 2019-5-13-2 - macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra are now available and address bypass and code execution vulnerabilities.
Apple

Apple Security Advisory 2019-5-13-1

Apple Security Advisory 2019-5-13-1 - iOS 12.3 is now available and addresses code execution vulnerabilities.
Apple

PostgreSQL COPY FROM PROGRAM Command Execution

Installations running Postgres 9.3 and above have functionality which allows for the superuser and users with 'pg_execute_server_program' to pipe to and from an external program using COPY. This allows arbitrary command execution as though you have console access. This...
Apple

Apple Security Advisory 2019-3-27-1

Apple Security Advisory 2019-3-27-1 - watchOS 5.2 is now available and addresses buffer overflow and code execution vulnerabilities.

Cisco Patches Critical Flaw in Vision Dynamic Signage Director

Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system. Tracked as CVE-2019-1917, the vulnerability was found in the REST...

The Great Hack: the film that goes behind the scenes of the Facebook data scandal

This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...
SecurityWeek

Scotland Yard Twitter and Emails Hacked

London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages.

Browser Extensions Scraped Data From Millions of People

Slack passwords, NSO spyware, and more of the week's top security news.
ZDNet

Hackers breach FSB contractor, expose Tor deanonymization project and more

SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.