Security News

Apple has backported the patch for CVE-2024-23296 to the iOS 16 branch and has fixed a bug in MarketplaceKit that may allow maliciously crafted webpages to distribute a script that tracks iOS users on other webpages. The company has also added a new capability to iOS 17 that will alert users if an unknown Bluetooth tracker is "Seen" moving with them.

Google has released emergency security updates for the Chrome browser to address a high-severity zero-day vulnerability tagged as exploited in attacks. Chrome updates automatically when a security update is available, but users can confirm they're running the latest version by going to Settings > About Chrome, letting the update finish, and then clicking on the 'Relaunch' button to apply it.

Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS zero-day tagged as exploited in attacks. Apple has yet to disclose who disclosed the zero-day or whether it was discovered internally, and it has provided no information on the nature of the attacks exploiting it in the wild.

Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks. Today, Apple backported the March security updates to address this security flaw on iOS 16.7.8, iPadOS 16.7.8, and macOS Ventura 13.6.7 with improved input validation.

Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild. Tracked as CVE-2024-4671, the high-severity vulnerability...

Google has fixed a Chrome zero-day vulnerability, an exploit for which exists in the wild."Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," CIS explains.

Google has released a security update for the Chrome browser to fix the fifth zero-day vulnerability exploited in the wild since the start of the year. This latest flaw addressed in Google Chrome is the fifth this year, with three others discovered during the March 2024 Pwn2Own hacking contest in Vancouver.

Hackers backdoored Cisco ASA devices via two zero-daysA state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances used on government networks across the globe and use two zero-day vulnerabilities to install backdoors on them, Cisco Talos researchers have shared on Wednesday. How to optimize your bug bounty programsIn this Help Net Security interview, Roy Davis, Manager - Vulnerability Management & Bug Bounty at Zoom, discusses the role bug bounty programs play in identifying security vulnerabilities and facilitating collaboration with researchers.

A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed...

A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances used on government networks across the globe and use two zero-day vulnerabilities to install backdoors on them, Cisco Talos researchers have shared on Wednesday."On a compromised ASA, the attackers submit shellcode via the host-scan-reply field, which is then parsed by the Line Dancer implant. The host-scan-reply field, typically used in later parts of the SSL VPN session establishment process, is processed by ASA devices configured for SSL VPN, IPsec IKEv2 VPN with 'client-services' or HTTPS management access," the researchers explained.