Tag: vulnerability
Microsoft Teams vulnerability shows danger of collaboration apps
New zero-day vulnerability in BackupBuddy plugin leaves WordPress users at risk
According to iThemes researchers, hackers are actively exploiting the vulnerability (CVE-2022-31474) on impacted systems running specific versions of the BackupBuddy plugin. The exploit allows attackers to view the contents of any WordPress-accessible file on the affected server, including files that hold sensitive information such as /etc/passwd, /wp-config.php, .my.cnf, and .accesshash. These…
Essential Google Chrome update thwarts security vulnerability
Still have an iPhone 6 or 5s? Update it now to fix a big security vulnerability
Apple Releases iOS 12.5.6 Update for Older iPhones and iPads With Vulnerability Fixes
The update can be downloaded over-the-air by opening up the Settings app, tapping on “General,” and selecting the “Software Update” option.
The iOS 12.5.6 update fixes a major vulnerability that was actively exploited, so it’s worth updating right away if you have an older device. The WebKit vulnerability was already fixed in the iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1 updates.
Devices that cannot be updated past iOS 12 include the iPhone 5s, iPhone 6, iPhone 6 Plus, iPod touch 6, original iPad Air, iPad mini 2, and iPad mini 3.
This article, “Apple Releases iOS 12.5.6 Update for Older iPhones and iPads With Vulnerability Fixes” first appeared on MacRumors.com
Amazon sneakily fixed a vulnerability in the Ring camera
There are plenty of reasons not to get a Ring camera, and the Amazon-owned home security system company just gave us another.
In May, Ring sneakily fixed a “high-severity” security vulnerability in its Android app that could’ve exposed users’ camera recordings, full name, email, phone number, geolocation, and address, according to researchers from the security company Checkmarx. And the company kept it quiet, TechCrunch reported. The Android app has been downloaded more than 10 million times.
Checkmarx researchers discovered the vulnerability while they were analyzing Ring’s Android app and found that it had several bugs. All those bugs combined could have let attackers exploit the app and the users.
Amazon told Checkmarx that it issued a fix for the problem on May 27.
“Based on our review, no customer information was exposed,” Amazon said. “This issue would be extremely difficult for anyone to exploit, because it requires an unlikely and complex set of circumstances to execute.”
This isn’t the first time Ring video doorbell cameras have come under fire for their less-than-ideal security. The device’s footage is stored in the cloud, an infamously easy-to-hack space that Amazon employees can access. And according to the Electronic Frontier Foundation, bad actors have accessed Ring cameras time and time again and “used them to traumatize children and harass families.”
So it’s great that Checkmarx found these vulnerabilities and that Amazon fixed them. But wouldn’t it be easier if we just… stopped buying them?
Chrome’s new update patches yet another major exploited vulnerability
This vulnerability allowed hackers to access every aspect of your Mac
Researchers Find Vulnerability In Software Underlying Discord, Microsoft Teams, and Other Apps
Aaditya Purani, one of the researchers who found these vulnerabilities, said that “regular users should know that the Electron apps are not the same as their day-to-day browsers,” meaning they are potentially more vulnerable. In the case of Discord, the bug Purani and his colleagues found only required them to send a malicious link to a video. With Microsoft Teams, the bug they found could be exploited by inviting a victim to a meeting. In both cases, if the targets clicked on these links, hackers would have been able to take control of their computers, Purani explained in the talk. For him, one of the main takeaways of their research is that Electron is risky precisely because users are very likely to click on links shared in Discord or Microsoft Teams.
Read more of this story at Slashdot.