Apple Patches Webkit Code Execution Flaws - SecurityWeek

Apple on Wednesday released software updates to patch a critical code execution vulnerability in its WebKit engine, which is included in the company’s operating systems, as well as in web browsers such as Safari and others.

The WebKit issue, tracked as CVE-2020-3844, was reported to Apple by an anonymous researcher who has earned $75,000 through the company’s bug bounty program. The vulnerability is a type confusion issue that allows an attacker to execute arbitrary code on a vulnerable device by simply getting the victim to visit a malicious website.

Apple said the flaw affects all versions of Safari prior to 14.0 for macOS Mojave and High Sierra, as well as iOS and iPadOS prior to iOS and iPadOS 14.0. In addition to the WebKit update, Apple also released updates for iTunes for Windows 10 and earlier, iCloud for Windows 10 and earlier, and AirPort Base Station Firmware.

SecurityWeek has reached out to Apple for more details about the WebKit vulnerability and whether exploitation has been spotted in the wild.

This is not the first WebKit bug Apple has patched in 2020. In January, the tech giant released a fix for a zero-day flaw, tracked as CVE-2020-3841, that had been exploited in the wild against users of its Safari web browser. Apple also fixed several WebKit security flaws back in June 2017.

Organizations and users are advised to install the available patches in order to protect themselves.

This Cyber News was published on www.securityweek.com. Publication date: Tue, 24 Jan 2023 03:31:02 +0000


