Exploits and vulnerabilities

MalwareBytesSecurity

Own an older iPhone? Check you’re on the latest version to avoid this bug

Categories: Apple

Categories: Exploits and vulnerabilities

Categories: News

Tags: iOS 12.5.7

Tags: CVE-2022-42856

Tags: type confusion

Tags: WebKit

Apple has now released security content for iOS 12.5.7 which includes a patch for an actively exploited vulnerability in WebKit and many other updates.

(Read more…)

The post Own an older iPhone? Check you’re on the latest version to avoid this bug appeared first on Malwarebytes Labs.

Read More
MalwareBytesSecurity

Update now! Proof of concept code to be released for Zoho ManageEngine vulnerability

Categories: Exploits and vulnerabilities

Categories: News

Tags: Zoho

Tags: ManageEngine

Tags: PoC

Tags: RCE

Tags: CVE-2022-47966

Tags: CVE-2022-35405

Tags: SAML

Tags: Apache Santuario

Proof of Concept code is about to be released for a vulnerability in many ManageEngine products which could enable RCE with SYSTEM privileges.

(Read more…)

The post Update now! Proof of concept code to be released for Zoho ManageEngine vulnerability appeared first on Malwarebytes Labs.

Read More
MalwareBytesSecurity

Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability

Categories: Exploits and vulnerabilities

Categories: News

Tags: patch Tuesday

Tags: CVE-2023-21674

Tags: APLC

Tags: CVE-2023-21743

Tags: Sharepoint

Tags: CVE-2023-21563

Tags: BitLocker

The second Tuesday of the year brings us many updates, including one for an actively exploited vulnerability that could lead to elevation of privileges

(Read more…)

The post Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability appeared first on Malwarebytes Labs.

Read More
MalwareBytesSecurity

4 over-hyped security vulnerabilities of 2022

Categories: Exploits and vulnerabilities

Categories: News

Tags: wormable

Tags: zero-day

Tags: spring4shell

Tags: cve-2022-34718

Tags: log4j

Tags: openssl

Tags: cve-2022-36934

Tags: cve-2022-27492

Tags: cve-2022-22965

Tags: cve-2022-22963

What does it take to make the discussion of vulnerabilities useful? And where did this go wrong in 2022?

(Read more…)

The post 4 over-hyped security vulnerabilities of 2022 appeared first on Malwarebytes Labs.

Read More
MalwareBytesSecurity

Update now! Apple patches active exploit vulnerability for iPhones

Categories: Exploits and vulnerabilities

Categories: News

Tags: Apple

Tags: iOS 16.1.2

Tags: Safari 16.2

Tags: CVE-2022-42856

Tags: type confusion

Apple has released new security content for iOS 16.1.2 and Safari 16.2. to fix a zero-day security vulnerability that was actively exploited

(Read more…)

The post Update now! Apple patches active exploit vulnerability for iPhones appeared first on Malwarebytes Labs.

Read More
MalwareBytesSecurity

Update now! Two zero-days fixed in 2022’s last patch Tuesday

Categories: Exploits and vulnerabilities

Categories: News

Tags: patch Tuesday

Tags: Microsoft

Tags: Android

Tags: Apple

Tags: Mozilla

Tags: Google

Tags: Sap

Tags: Citrix

Tags: Fortinet

Tags: Cisco

Tags: CVE-2022-44698

Tags: MotW

Tags: CVE-2022-44710

Tags: race condition

Tags: CVE-2022-44670

Tags: CVE-2022-44676

Tags: CVE-2022-41076

Tags: remote powershell

The last patch Tuesday of 2022 is here—find out what Microsoft and many others have fixed

(Read more…)

The post Update now! Two zero-days fixed in 2022’s last patch Tuesday appeared first on Malwarebytes Labs.

Read More
MalwareBytesSecurity

Update now! NetGear routers’ default configuration allows remote attacks

Categories: Exploits and vulnerabilities

Categories: News

Tags: NetGear

Tags: Nighthawk

Tags: remote

Tags: ports

Tags: IPv6

NetGear has issued a hotfix that has to be installed manually, after researchers found a vulnerability that could allow remote attacks.

(Read more…)

The post Update now! NetGear routers’ default configuration allows remote attacks appeared first on Malwarebytes Labs.

Read More