Security News

Apple announced on Monday at WWDC 2023 its much anticipated Vision Pro augmented reality device, which CEO Tim Cook promised would be a revolutionary advance. During the keynote, Apple also announced iOS 17, macOS 14 Sonoma, iPadOS 17, new Apple Watch features and an array of hardware upgrades.

Project Zero, Google's zero-day bug-hunting team, discovered and reported 18 zero-day vulnerabilities in Samsung's Exynos chipsets used in mobile devices, wearables, and cars. "The baseband software does not properly check the format types of accept-type attribute specified by the SDP, which can lead to a denial of service or code execution in Samsung Baseband Modem," Samsung says in a security advisory describing the CVE-2023-24033 vulnerability.

Project Zero, Google's zero-day bug-hunting team, discovered and reported 18 baseband zero-day vulnerabilities in Samsung's Exynos chipsets used in mobile devices, wearables, and cars. "The baseband software does not properly check the format types of accept-type attribute specified by the SDP, which can lead to a denial of service or code execution in Samsung Baseband Modem," Samsung says in a security advisory describing the CVE-2023-24033 vulnerability.

Qualcomm on Tuesday released patches to address multiple security flaws in its chipsets, some of which could be exploited to cause information disclosure and memory corruption. The five vulnerabilities - tracked from CVE-2022-40516 through CVE-2022-40520 - also impact Lenovo ThinkPad X13s laptops, prompting the Chinese PC maker to issue BIOS updates to plug the security holes.

There are technological and expertise hurdles that a miscreant would have to clear today to track a person through the Bluetooth signals in their devices, they wrote. The researchers - who hail from the school's departments of Computer Science and Engineering and Electrical and Computer Engineering - pointed to the applications governments added to Apple iOS and Android devices used in the COVID-19 pandemic that send out constant Bluetooth signals - or beacons - for contact-tracing efforts.

Three security vulnerabilities have been disclosed in the audio decoders of Qualcomm and MediaTek chips that, if left unresolved, could allow an adversary to remotely gain access to media and audio conversations from affected mobile devices. According to Israeli cybersecurity company Check Point, the issues could be used as a launchpad to carry out remote code execution attacks simply by sending a specially crafted audio file.

U.S. graphics chip specialist NVIDIA has released software updates to address a total of 26 vulnerabilities impacting its Jetson system-on-module series that could be abused by adversaries to escalate privileges and even lead to denial-of-service and information disclosure. Tracked from CVE‑2021‑34372 through CVE‑2021‑34397, the flaws affect products Jetson TX1, TX2 series, TX2 NX, AGX Xavier series, Xavier NX, and Nano and Nano 2GB running all Jetson Linux versions prior to 32.5.1.

Flaws impacting millions of internet of things devices running NVIDIA's Jetson chips open the door for a variety of hacks, including denial-of-service attacks or the siphoning of data. NVIDIA released patches addressing nine high-severity vulnerabilities including eight additional bugs of less severity.

EdgeQ introduces 5G chipset-as-a-service model, offering customers a future proof platform that can scale 5G and AI features as a function of subscription payments. Enterprise network, telco, and cloud providers can use EdgeQ to virtualize network resources, allowing elastic scaling of 5G services on demand.

Most Intel chipsets released in the past five years are affected by a vulnerability that can be exploited to obtain encrypted data and compromise data protection technologies, Positive Technologies revealed on Thursday. According to Positive Technologies, CVE-2019-0090 is an unfixable vulnerability that affects the Converged Security and Management Engine boot ROM on most Intel chipsets and system on chips, except for Ice Point chipsets.