Apple iOS 14.8 and iPadOS 14.8 update: An integer overflow was addressed with improved input validation. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Updates are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apple mac os x |
||
apple mac os x 10.15.7 |
||
apple ipados |
||
apple watchos |
||
apple macos |
||
apple iphone os |
||
xpdfreader xpdf |
||
freedesktop poppler |
Symantec solutions help detect, filter, and block the threat.
Posted: 23 Sep, 20213 Min ReadThreat Intelligence SubscribeFollowtwitterlinkedinPegasus Spyware Takes Flight AgainSymantec solutions help detect, filter, and block the threat.The recent iOS 14.8 update fixes a zero-day, zero-click exploit for a vulnerability affecting every mobile iOS device. The flaw, dubbed FORCEDENTRY (CVE-2021-30860), resided in Apple’s iMessage and, according to a report by The Citizen Lab, was used to push NSO Group...
Get our weekly newsletter Meta adverse to internet mercenaries using its social networks to help governments violate human rights
Facebook successor Meta on Thursday said it canceled 1,500 social media accounts used by seven surveillance-for-hire firms to conduct online attacks against government critics and members of civil society. These accounts were primarily used to observe targets and lure them into visiting malicious websites, or receiving booby-trapped messages, typically, that compromise their devices and online profiles. Tens of thousands of people potentially targeted by these groups have been privately alerted ...
Get our weekly newsletter Separate flaw in WebKit also under attack squashed, too – and two zero-days in Chrome, as well
Updated Apple on Monday issued security patches for its mobile and desktop operating systems, and for its WebKit browser engine, to address two security flaws, at least one of which was, it is said, used by autocratic governments to spy on human rights advocates. A day before the iGiant is expected to announce the iPhone 13, it released updates for iOS 14.8 and iPadOS 14.8, watchOS 7.6.2, and macOS Big Sur 11.6. Previous macOS releases Catalina (10.15) and Mojave (10.14) received updated version...
Get our weekly newsletter Friends are always tellin' me, you're a user ... Just be good to free()
Google's bug hunters say they spotted 58 zero-day vulnerabilities being exploited in the wild last year, which is the most-ever recorded since its Project Zero team started analyzing these in mid-2014. This is more than double the earlier record of 28 zero-day exploits detected in 2015. And miscreants are still using the same old techniques to get away with their mischief. "With this record number of in-the-wild zero-days to analyze we saw that attacker methodology hasn't actually had to change ...
Get our weekly newsletter Flaw imperils Safari – and every iOS browser because of Cupertino's T&Cs
Apple on Thursday patched a zero-day security vulnerability in its WebKit browser engine, issuing updates for iOS, iPadOS, and macOS. Its Safari browser, based on WebKit, received the security update separately for instances where it is being used with an older version of macOS, like Big Sur. Apple's tvOS was also refreshed, but without the security fix. The updates – iOS 15.3.1, iPadOS 15.3.1, and macOS Monterey 12.2.1 – address CVE-2022-22620, reported to Apple by an anonymous researcher. ...
Vulmon