Security News
The Mail application in iOS is affected by two critical zero-day vulnerabilities that appear to have been exploited in targeted attacks since at least January 2018, cybersecurity automation company ZecOps reported on Wednesday. The vulnerabilities, described as out-of-bounds write and heap overflow issues, affect the MobileMail application on iOS 12 and maild on iOS 13, and they can be exploited by sending specially crafted emails to the targeted user.
Apple has reportedly patched a pair of critical vulnerabilities in iOS that are being exploited by what appears to be government-backed hackers to spy on high-value targets. Most importantly, the researchers said, in iOS 13, the attack can be performed when Mail automatically downloads messages in the background, meaning no user interaction is needed: the data is fetched, parsed, and the bugs exploited immediately.
Researchers are reporting two Apple iOS zero-day security vulnerabilities affecting its Mail app on iPhones and iPads. Impacted are iOS 6 and iOS 13.4.1.
Last year, ZecOps discovered two iPhone zero-day exploits. They will be patched in the next iOS release: Avraham declined to disclose many details about who the targets were, and did not say...
The default mailing app pre-installed on millions of iPhones and iPads has been found vulnerable to two critical flaws that attackers are exploiting in the wild, at least, from the last two years to spy on high-profile victims. The flaws could eventually let remote hackers secretly take complete control over Apple devices just by sending an email to any targeted individual with his email account logged-in to the vulnerable app.
The default mailing app pre-installed on millions of iPhones and iPads has been found vulnerable to two critical flaws that attackers are exploiting in the wild, at least, from the last two years to spy on high-profile victims. The flaws could eventually let remote hackers secretly take complete control over Apple devices just by sending an email to any targeted individual with his email account logged-in to the vulnerable app.
A cybersecurity researcher today publicly disclosed technical details and PoC for 4 unpatched zero-day vulnerabilities affecting an enterprise security software offered by IBM after the company refused to acknowledge the responsibly submitted disclosure. According to Pedro Ribeiro from Agile Information Security firm, IBM Data Risk Manager contains three critical severity vulnerabilities and a high impact bug, all listed below, which can be exploited by an unauthenticated attacker reachable over the network, and when chained together could also lead to remote code execution as root.
The Mootbot botnet has been using a pair of zero-day exploits to compromise multiple types of fiber routers. According to researchers at NetLab 360, the operators of the Mootbot botnet in late February started to exploit a zero-day bug found in nine different types of fiber routers used to provide internet access and Wi-Fi to homes and businesses.
Multiple botnets are targeting a zero-day vulnerability in fiber routers in an attempt to ensnare them and leverage their power for malicious purposes, security researchers warn. Security researchers with Qihoo 360's Netlab have observed multiple attempts to target the 0day, some before the PoC was published, starting with the Moobot botnet that successfully used an exploit for the vulnerability in February.
Researchers are warning owners of fiber routers to keep a close eye on their gear and check for firmware updates following the discovery an in-the-wild zero-day attack. The researchers note that since the partial proof of concept was posted, two other botnets have been spotted attempting to exploit it.