Vulnerabiltiies

There are two new speculative execution attacks that impact recent Apple chips, according to data shared today by Georgia Tech students that discovered the vulnerabilities. Named SLAP and FLOP, the two security flaws could allow an attacker to use a malicious webpage to spy on the contents of other webpages, giving attackers remote access to browsing history, credit card data, emails,...

Microsoft's 365 Defender Research Team this morning published details on a new "Powerdir" macOS vulnerability that let an attacker bypass the Transparency, Consent, and Control technology to gain unauthorized access to protected data. Apple already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update that was released in December, so users who have updated to the...

Last week, security researcher Denis Tokarev made several zero-day iOS vulnerabilities public after he said that Apple had ignored his reports and had failed to fix the issues for several months. Tokarev today told Motherboard that Apple got in touch after he went public with his complaints and after they saw significant media attention. In an email, Apple apologized for the contact delay...

A new iOS vulnerability was discovered by a security researcher over the weekend, causing affected iPhones and iPads to crash and restart when following a link to an HTML page hosting specially crafted CSS code. The vulnerability hits the WebKit rendering engine used in Safari by applying a CSS effect -- "backdrop-filter" -- that requires enough heavy graphics processing to cause iOS to crash ...

Intel CEO Brian Krzanich today wrote an open letter to Intel customers following the "Meltdown" and "Spectre" hardware-based vulnerabilities that impact its processors. In the letter, Krzanich says that by January 15, updates will have been issued for at least 90 percent of Intel CPUs introduced in the past five years, with updates for the remainder coming at the end of January. For Apple...

Last week Adobe issued a security advisory for Flash Player, indicating that version 21.0.0.242 and earlier had a critical vulnerability that could potentially cause a crash and allow an attacker to take control of the infected system. Adobe issued a fix a couple days later. Apple today published a support document explaining that users with out-of-date versions of the Adobe Flash Player...