Skip to content

Home Early Warning System Issues
Issues
iPhone Lockscreen Bypass Vulnerability
Wednesday, 17 October 2018 12:00

A passcode bypass vulnerability was reported in the latest iOS 12.0.1. Attackers with physical access to a locked iPhone can access photo album, select photos and send them to anyone using Apple Messages. No patch was available at the time of this entry. Users can temporarily fix the issue by disabling Siri from the lockscreen.

 
Microsoft Windows Jet Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability
Wednesday, 26 September 2018 14:00

A vulnerability was reported in the Jet database engine. Crafted data in a database file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. No solution was available at the time of this entry. The only salient mitigation strategy is to restrict interaction with the application to trusted files.

 
Western Digital My Cloud Authentication Bypass Vulnerability
Thursday, 20 September 2018 09:00

A vulnerability was reported in the Western Digital My Cloud. An unauthenticated attacker may be able to authenticate as an admin user without needing to provide a password, thereby gaining full control of the My Cloud device. No fix was available at the time of this entry.

 
Apple WebKit Rendering Engine Denial of Service Vulnerability
Tuesday, 18 September 2018 13:00

A vulnerability was reported in Apple's web rendering engine WebKit. Malicious web page with specially crafted CSS & HTML code can cause shut down and restart of the device. No solution was available at the time of this entry. Users are advised to be vigilant while visiting any web page including the code or clicking on links sent over their Facebook or WhatsApp account, or in an email.

 
URL Spoofing Vulnerability in Apple Safari and Microsoft Edge
Thursday, 13 September 2018 12:00

A vulnerability was reported in the Microsoft Edge web browser for Windows and Apple Safari for iOS. Both browsers allowed javascript to update the address bar while the page was still loading. Thus, attackers may be able to conduct phishing attacks through address bar spoofing. Microsoft Edge was patched last month with Microsoft monthly security updates, but Safari is still unpatched at the time of this entry.

 
<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>

Page 1 of 141
[YOUR IP : 54.162.118.107: 56694] ...   [YOUR BROWSER: CCBot/2.0 (https://commoncrawl.org/faq/)] ...