Apple releases emergency updates for two known-to-be-exploited vulnerabilities

Categories: Apple

Categories: Exploits and vulnerabilities

Categories: News

Tags: iOS 16.4.1

Tags: iPadOS 16.4.1

Tags: macOS 13.3.1

Tags: CVE-2023-28206

Tags: CVE-2023-28205

Tags: use-after-free

Tags: out-of-bounds write

Tags: IOSurfaceAccelerator

Apple has released iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1 for the iPhone, iPad, and Mac, respectively, and our advice is to install them as soon as possible.

(Read more…)

The post Apple releases emergency updates for two known-to-be-exploited vulnerabilities appeared first on Malwarebytes Labs.

Read more

Update Android now! Google patches three important vulnerabilities

Categories: Android

Categories: Exploits and vulnerabilities

Categories: News

Tags: Google

Tags: Android

Tags: update

Tags: CVE-2023-21085

Tags: CVE-2023-21096

Tags: CVE-2022-38181

Tags: Use-after-free

Tags: input validation

Google has released an Android update that fixes two critical remote code execution (RCE) vulnerabilities, and one vulnerability that has been exploited in the wild.

(Read more…)

The post Update Android now! Google patches three important vulnerabilities appeared first on Malwarebytes Labs.

Read more

Super FabriXss: an RCE vulnerability in Azure Service Fabric Explorer

Categories: Exploits and vulnerabilities

Categories: News

Tags: Azure

Tags: Microsoft

Tags: Super FabriXss

Tags: RCE

Tags: vulnerability

Tags: CVE-2023-23383

Researchers disclosed how they found a remote code execution vulnerability in Azure Service Fabric Explorer.

(Read more…)

The post Super FabriXss: an RCE vulnerability in Azure Service Fabric Explorer appeared first on Malwarebytes Labs.

Read more

Update now! Apple fixes actively exploited vulnerability and introduces new features

Categories: Apple

Categories: Exploits and vulnerabilities

Categories: News

Tags: macOS

Tags: iOS

Tags: iPadOS

Tags: watchOS

Tags: tvOS

Tags: Studio Display

Tags: CVE-2023-23529

Tags: type confusion

Tags: emoji

Apple has released security updates and new features for several of its products, including a fix for an actively exploited vulnerability.

(Read more…)

The post Update now! Apple fixes actively exploited vulnerability and introduces new features appeared first on Malwarebytes Labs.

Read more

Google Pixel: Cropped or edited images can be recovered

Categories: Exploits and vulnerabilities

Categories: News

Tags: Google

Tags: Pixel

Tags: Markup

Tags: CVE-2023-21036

Tags: recover

Tags: PNG

Tags: truncated

A vulnerability in the Markup tool that comes pre-installed on Pixel phones allows anyone with access to the edited image to view parts of the original.

(Read more…)

The post Google Pixel: Cropped or edited images can be recovered appeared first on Malwarebytes Labs.

Read more

Update now! Microsoft fixes two zero-day bugs

Categories: Exploits and vulnerabilities

Categories: News

Tags: patch Tuesday

Tags: March

Tags: 2023

Tags: Microsoft

Tags: Adobe

Tags: Fortinet

Tags: Android

Tags: SAP

Tags: CVE-2023-23397

Tags: CVE-2023-24880

Tags: CVE-2023-26360

Tags: CVE-2022-41328

This Patch Tuesday, Microsoft has released fixes for two actively exploited zero-days and Adobe has fixed one.

(Read more…)

The post Update now! Microsoft fixes two zero-day bugs appeared first on Malwarebytes Labs.

Read more

Clop ransomware is victimizing GoAnywhere MFT customers

Categories: Exploits and vulnerabilities

Categories: News

Categories: Ransomware

Tags: Clop

Tags: ransomware

Tags: GoAnywhere

Tags: CVE-2023-0669

The Clop ransomware gang has claimed responsibility for attacking several GoAnywhere MFT customers by exploiting a vulnerability in the managed file transfer software’s administrative interface.

(Read more…)

The post Clop ransomware is victimizing GoAnywhere MFT customers appeared first on Malwarebytes Labs.

Read more

Intel CPU vulnerabilities fixed. But should you update?

Categories: Exploits and vulnerabilities

Categories: News

Tags: CVE-2022-21123

Tags: CVE-2022-21125

Tags: CVE-2022-21127

Tags: CVE-2022-21166

Tags: Intel

Tags: VMs

Tags: microcode

Microsoft has released out of band updates for information disclosure vulnerabilities in Intel CPUs, but who needs them?

(Read more…)

The post Intel CPU vulnerabilities fixed. But should you update? appeared first on Malwarebytes Labs.

Read more