Security News > 2023 > May > Week in review: KeePass vulnerability, Apple fixes exploited WebKit 0-days

Week in review: KeePass vulnerability, Apple fixes exploited WebKit 0-days
2023-05-21 08:00

Apple fixes WebKit 0-days under attackApple has released security updates for iOS and iPadOS, macOS, tvOS and watchOS, delivering fixes for many vulnerabilities but, most importantly, for CVE-2023-32409, a WebKit 0-day that "May have been actively exploited."

Enhancing open source security: Insights from the OpenSSF on addressing key challengesIn this Help Net Security interview, we meet a prominent industry leader.

Brian Behlendorf, CTO at the Open Source Security Foundation, shares insights on the influence of his experiences with the White House CTO office, World Economic Forum, and Linux Foundation on leading the OpenSSF and addressing open-source security challenges.

KeePass flaw allows retrieval of master password, PoC is publicA vulnerability in the open-source password manager KeePass can be exploited to retrieve the master password from the software's memory, says the researcher who unearthed the flaw.

Web entity activity reveals insights into internet securityIn this Help Net Security video, Himaja Motheram, Security Researcher at Censys, offers insight into the assets and weaknesses across organizations' internet infrastructure.

Malicious open-source components threatening digital infrastructureIn this Help Net Security video, Henrik Plate, Lead Security Researcher at Endor Labs, discusses the dual-edged nature of open-source software.


News URL

https://www.helpnetsecurity.com/2023/05/21/week-in-review-keepass-vulnerability-apple-fixes-exploited-webkit-0-days/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-06-23 CVE-2023-32409 Unspecified vulnerability in Apple products
The issue was addressed with improved bounds checks.
network
low complexity
apple
8.6

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349
Webkit 2 0 1 6 0 7