🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-42801 ‼

A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges.

via "National Vulnerability Database".
‼ CVE-2022-42790 ‼

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6. A user may be able to view restricted content from the lock screen.

via "National Vulnerability Database".
‼ CVE-2022-42788 ‼

A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Ventura 13. A malicious application may be able to read sensitive location information.

via "National Vulnerability Database".
📢 Major security exploits expected to rise before New Year 📢

Supply chain attacks are also expected to increase, along with affiliate programmes becoming more popular

via "ITPro".
📢 UK's £6m cyber support package for Ukraine revealed for first time 📢

The government said the programme has been in place since February but remained tight-lipped to preserve its operational security

via "ITPro".
📢 Yanluowang ransomware leaks suggest pseudo Chinese persona, REvil links 📢

It's the second major ransomware organisation to have been rocked this year after internal chat logs were leaked by anonymous hackers

via "ITPro".
📢 OpenSSL 3.0 vulnerability: Patch released for security scare 📢

The severity has been downgraded from 'critical' to 'high' and comparisons to Heartbleed have been quashed

via "ITPro".
‼ CVE-2022-3659 ‼

Use after free in Accessibility in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chrome security severity: Medium)

via "National Vulnerability Database".
‼ CVE-2022-3814 ‼

A vulnerability classified as problematic was found in Axiomatic Bento4. This vulnerability affects unknown code of the component mp4decrypt. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212680.

via "National Vulnerability Database".
‼ CVE-2022-3816 ‼

A vulnerability, which was classified as problematic, was found in Axiomatic Bento4. Affected is an unknown function of the component mp4decrypt. The manipulation leads to memory leak. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212682 is the identifier assigned to this vulnerability.

via "National Vulnerability Database".
‼ CVE-2022-3661 ‼

Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome Extension. (Chrome security severity: Low)

via "National Vulnerability Database".
‼ CVE-2022-3652 ‼

Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)

via "National Vulnerability Database".
‼ CVE-2022-3817 ‼

A vulnerability has been found in Axiomatic Bento4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component mp4mux. The manipulation leads to memory leak. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212683.

via "National Vulnerability Database".
‼ CVE-2022-3657 ‼

Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chrome security severity: Medium)

via "National Vulnerability Database".
‼ CVE-2022-3812 ‼

A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is the function AP4_ContainerAtom::AP4_ContainerAtom of the component mp4encrypt. The manipulation leads to memory leak. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212678 is the identifier assigned to this vulnerability.

via "National Vulnerability Database".
‼ CVE-2022-3656 ‼

Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chrome security severity: Medium)

via "National Vulnerability Database".
‼ CVE-2022-3660 ‼

Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 107.0.5304.62 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chrome security severity: Medium)

via "National Vulnerability Database".
‼ CVE-2022-3813 ‼

A vulnerability classified as problematic has been found in Axiomatic Bento4. This affects an unknown part of the component mp4edit. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212679.

via "National Vulnerability Database".
‼ CVE-2022-3723 ‼

Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)

via "National Vulnerability Database".
‼ CVE-2022-3658 ‼

Use after free in Feedback service on Chrome OS in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chrome security severity: Medium)

via "National Vulnerability Database".
‼ CVE-2022-3654 ‼

Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)

via "National Vulnerability Database".