Sign-up

VARIoT news about IoT security

Latest news

The news are found with our scripts for filtering search results.
Additional information about vulnerabilities, affected products and external identifiers are obtained with NLP and custom filters from found news.

Critical WebP 0-day Vuln CVE-2023-4863 in ‘libwebp’ Impacts Wider Software Ecosystem | Snyk

Trust: 4.25

Fetched: Oct. 1, 2023, 9:12 a.m., Published: Sept. 27, 2023, midnight
 Vulnerabilities: denial of service, code execution, buffer overflow
Affected productsExternal IDs
vendor: apple model: macos
vendor: google model: chrome
db: NVD ids: CVE-2023-41061, CVE-2023-5129, CVE-2023-4863, CVE-2023-41064

Reports about Cyber Actors Hiding in Router Firmware

Trust: 3.25

Fetched: Oct. 1, 2023, 9:06 a.m., Published: Sept. 27, 2023, 6:19 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: router

Vulnerability Assessment: Protecting Your Digital Fortresses

Trust: 3.0

Fetched: Sept. 29, 2023, 9:34 a.m., Published: Sept. 26, 2023, 12:15 p.m.
 Vulnerabilities: weak password
Affected productsExternal IDs

iPhone and other Apple users must update their devices against high-risk vulnerabilities: CERT-In

Trust: 4.0

Fetched: Sept. 29, 2023, 9:33 a.m., Published: Sept. 26, 2023, 10:01 p.m.
 Vulnerabilities: certificate validation issue
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: macbook

Patched bugs in Apple and Google software exploited in spyware attacks: Report - The Hindu

Trust: 3.5

Fetched: Sept. 29, 2023, 9:29 a.m., Published: Sept. 26, 2023, 9:49 a.m.
 Vulnerabilities: injection attack, code execution
Affected productsExternal IDs
vendor: apple model: watch
vendor: apple model: iphone
vendor: apple model: ipad
vendor: google model: chrome
vendor: google model: android

CISA Adds Vulnerabilities Exploitable Via Bluetooth to KEV - Blog | Tenable®

Related entries in the VARIoT vulnerabilities database: VAR-202206-0056, VAR-202206-0005, VAR-202206-0380, VAR-202206-0393, VAR-202206-0324

Trust: 3.75

Fetched: Sept. 29, 2023, 9:28 a.m., Published: Sept. 28, 2023, 2:59 p.m.
 Vulnerabilities: authentication vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2022-31459, CVE-2022-31462, CVE-2022-31460, CVE-2022-31461, CVE-2022-31463

Adobe Acrobat and Reader Arbitrary Code Execution Vulnerability (CVE-2023-26369) Notification - Security Boulevard

Trust: 5.0

Fetched: Sept. 29, 2023, 9:27 a.m., Published: Sept. 15, 2023, 7:13 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-26369

Cisco Catalyst 9100 Access Points Denial of Service Vulnerability - Cisco

Trust: 5.0

Fetched: Sept. 29, 2023, 9:26 a.m., Published: Sept. 27, 2023, 11:47 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: wireless controller
vendor: cisco model: catalyst 9100
vendor: cisco model: access points
vendor: cisco model: catalyst

How to Secure IoT Devices & Protect Them From Cyber Attacks

Trust: 3.25

Fetched: Sept. 29, 2023, 9:23 a.m., Published: Sept. 28, 2023, 3:46 a.m.
 Vulnerabilities: denial of service, privilege escalation
Affected productsExternal IDs

All You Need to Know About Android App Vulnerability: Insecure Authentication - Astra Security Blog

Trust: 4.0

Fetched: Sept. 29, 2023, 9:22 a.m., Published: Sept. 26, 2023, 7:58 a.m.
 Vulnerabilities: weak password
Affected productsExternal IDs

Cisco IOS XE Software for Catalyst 3650 and Catalyst 3850 Series Switches Denial of Service Vulnerability - Cisco

Trust: 4.0

Fetched: Sept. 29, 2023, 9:21 a.m., Published: Sept. 28, 2023, 10:47 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: cisco ios xe
vendor: cisco model: catalyst
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
vendor: cisco model: series switches
vendor: cisco model: ios xe software
vendor: cisco model: series

Apple fixes three vulnerabilities found by spyware researchers | Computer Weekly

Trust: 4.5

Fetched: Sept. 29, 2023, 9:21 a.m., Published: Sept. 25, 2023, midnight
 Vulnerabilities: certificate validation issue, code execution, privilege escalation
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: ipad
db: NVD ids: CVE-2023-41993, CVE-2023-41992, CVE-2023-41991, CVE-2023-2023

Cisco IOS XE Software Application Quality of Experience and Unified Threat Defense Denial of Service Vulnerability - Cisco

Trust: 3.75

Fetched: Sept. 29, 2023, 9:19 a.m., Published: Sept. 27, 2023, 11:47 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: cisco ios
vendor: cisco model: ios xe software
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe

Cisco Wireless LAN Controller AireOS Software Denial of Service Vulnerability - Cisco

Trust: 5.0

Fetched: Sept. 29, 2023, 9:16 a.m., Published: Sept. 27, 2023, 11:47 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: cisco wireless lan controller
vendor: cisco model: aireos
vendor: cisco model: wireless lan controller

Apple patches Blastpass exploit abused by spyware makers | Computer Weekly

Trust: 5.5

Fetched: Sept. 29, 2023, 9:15 a.m., Published: Sept. 8, 2023, midnight
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: ipad
db: NVD ids: CVE-2023-41061, CVE-2023-41064

Pegasus spyware and how it exploited a WebP vulnerability

Trust: 5.5

Fetched: Sept. 29, 2023, 9:13 a.m., Published: Sept. 27, 2023, 12:37 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: apple model: macos
vendor: google model: chrome
vendor: google model: android
db: NVD ids: CVE-2023-41064, CVE-2023-4863

Cisco IOS XE Software Web UI Command Injection Vulnerability - Cisco

Trust: 4.75

Fetched: Sept. 29, 2023, 9:10 a.m., Published: Sept. 27, 2023, 9:47 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: nx-os software
vendor: cisco model: access points
vendor: cisco model: cisco ios xe
vendor: cisco model: catalyst
vendor: cisco model: cisco ios
vendor: cisco model: catalyst 9800
vendor: cisco model: cisco identity services engine
vendor: cisco model: ios xe
vendor: cisco model: identity services engine
vendor: cisco model: series switches
vendor: cisco model: router
vendor: cisco model: ios xr software
vendor: cisco model: ios xe software
vendor: cisco model: series
vendor: cisco model: wireless controller
vendor: cisco model: nx-os
vendor: cisco model: ios software
vendor: cisco model: ios xr

Cisco DNA Center API Insufficient Access Control Vulnerability - Cisco

Trust: 4.75

Fetched: Sept. 29, 2023, 9:09 a.m., Published: Sept. 27, 2023, 11:47 a.m.
 Vulnerabilities: access control vulnerability
Affected productsExternal IDs
vendor: cisco model: dna center

Apple Releases Security Updates for Vulnerabilities Discovered by Citizen Lab Toronto.

Trust: 5.5

Fetched: Sept. 27, 2023, 9:42 a.m., Published: Sept. 8, 2023, 2:24 p.m.
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: watchos
vendor: apple model: macos
vendor: apple model: ipad air
vendor: apple model: watch
vendor: apple model: iphone
db: NVD ids: CVE-2023-41064, CVE-2023-41061

9 Alarming Vulnerabilities Uncovered in SEL's Power Management Products

Trust: 4.0

Fetched: Sept. 27, 2023, 9:41 a.m., Published: Sept. 6, 2023, 10:13 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-31168, CVE-2023-31166, CVE-2023-31175, CVE-2023-31148, CVE-2023-31171, CVE-2023-34392