A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Vulnerable Product |
---|
apple macos 12.0 |
apple iphone os 15.0 |
apple ipad os |
apple iphone os |
apple macos |
apple tvos |
apple watchos |
apple iphone os 15.0.1 |
apple ipados 15.0 |
apple ipados 15.0.1 |

With 71 new CVEs, there are patches enough for everyone
Microsoft's October Patch Tuesday has arrived with fixes for 71 new CVEs, two patch revisions to address bugs from previous months that just won't die, and three CVEs tied to OpenSSL flaws. That's in addition to eight Edge-Chromium CVEs dealt with earlier this month. Two of the fresh bugs are rated Critical, 68 are designated Important, and one is rated Low severity. Four among the overall October harvest have been publicly disclosed, including one from July, an Azure AD security feature bypass ...
Tech breakdown and proof-of-concept code is already out there
If you're using an iPhone, install the iOS 15.0.2 update immediately: Apple has warned that the latest OS upgrade patches an "actively exploited" zero-day. Described as a "memory corruption issue" by Apple, the vuln is present within the IOMobileFrameBuffer kernel extension, used for managing display memory. Malicious applications are said to be capable of triggering an integer overflow in the framebuffer, permitting execution of arbitrary code with kernel privileges. The bug, publicly tracked a...
Watching people's every move and collecting their info – not on our watch, says web ads giant
Spyware developed by Italian firm RCS Labs was used to target cellphones in Italy and Kazakhstan — in some cases with an assist from the victims' cellular network providers, according to Google's Threat Analysis Group (TAG). RCS Labs customers include law-enforcement agencies worldwide, according to the vendor's website. It's one of more than 30 outfits Google researchers are tracking that sell exploits or surveillance capabilities to government-backed groups. And we're told this particular sp...