Sign-up

VARIoT news about IoT security

Faisal Yahya on Twitter: "Apple has released crucial security updates for its devices, including iOS, iPadOS, macOS, and Safari web browser, to tackle two zero-day vulnerabilities that are currently being exploited in the wild. The flaws, identified as CVE-2023-28205 and CVE-2023-28206, present… https://t.co/WTg9CNucx3" / Twitter

Trust: 4.0

Fetched: April 11, 2023, 9:15 a.m., Published: April 11, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: macos
db: NVD ids: CVE-2023-28206, CVE-2023-28205

Smart Garage Company Fixes Vulnerability by Breaking Customers' Devices

Trust: 3.0

Fetched: April 11, 2023, 9:15 a.m., Published: April 11, 2023, 8:46 a.m.
 Vulnerabilities: -
Affected productsExternal IDs

PSA: Install iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1 Immediately, They Fix Actively Exploited Vulnerabilities

Trust: 5.25

Fetched: April 11, 2023, 9:10 a.m., Published: April 7, 2023, 8:46 p.m.
 Vulnerabilities: use after free, code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: ipad
vendor: apple model: macos
db: NVD ids: CVE-2023-28206, CVE-2023-28205

Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices - Domedigita

Related entries in the VARIoT vulnerabilities database: VAR-202108-2051, VAR-202212-1751

Trust: 4.75

Fetched: April 11, 2023, 9:10 a.m., Published: April 7, 2023, 1:15 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: samsung model: note
vendor: samsung model: mobile
vendor: google model: chrome
vendor: google model: android
db: NVD ids: CVE-2023-26083, CVE-2023-0266, CVE-2022-38181, CVE-2022-3038, CVE-2022-22706, CVE-2022-3723, CVE-2022-4262, CVE-2022-4135, CVE-2021-30900, CVE-2022-42856

iOS 16.4.1 fixes two security vulnerabilities | Rapid Meta

Trust: 4.5

Fetched: April 11, 2023, 9:09 a.m., Published: April 7, 2023, 4:06 p.m.
 Vulnerabilities: use after free, code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: safari
db: NVD ids: CVE-2023-28206

PSA: Update Your Apple Devices to Avoid Active Vulnerabilities

Trust: 4.0

Fetched: April 11, 2023, 9:09 a.m., Published: April 7, 2023, 8:11 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: macos

Nexx Fixes Vulnerability By Breaking Customers' Devices - ThreatsHub Cybersecurity News

Trust: 3.0

Fetched: April 11, 2023, 9:08 a.m., Published: April 10, 2023, 3:40 p.m.
 Vulnerabilities: -
Affected productsExternal IDs

iOS Security Breach: Apple Fixes Two Zero-Day Bugs Exploited To Hack iPhones, Macs and iPads | đŸ“² LatestLY

Trust: 4.75

Fetched: April 11, 2023, 9:08 a.m., Published: April 10, 2023, 11:13 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: safari

iOS 16.4.1 and iPadOS 16.4.1 are now out with fixes for actively exploited vulnerabilities - GSMArena.com news

Trust: 3.0

Fetched: April 11, 2023, 9:08 a.m., Published: April 16, 2001, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: ipad

80,000 Devices Vulnerable to QNAP Zero-Day Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201906-0768

Trust: 3.5

Fetched: April 11, 2023, 9:07 a.m., Published: April 8, 2023, 12:19 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2018-18472

CISA Alerts on Seven New Known Exploited Vulnerabilities -- THE Journal

Trust: 5.5

Fetched: April 11, 2023, 9:07 a.m., Published: April 12, 2023, midnight
 Vulnerabilities: code execution, command execution, privilege escalation...
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: ipad
db: NVD ids: CVE-2023-26083, CVE-2019-1388, CVE-2023-28206, CVE-2021-27876, CVE-2021-27877, CVE-2021-27878, CVE-2023-28205

Protect Your Apple Devices: Two Zero-Day Vulnerabilities Exploited by Hackers

Related entries in the VARIoT vulnerabilities database: VAR-202302-1097

Trust: 3.75

Fetched: April 11, 2023, 9:07 a.m., Published: April 9, 2023, 5:43 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: ipad air
vendor: apple model: ipad
db: NVD ids: CVE-2023-23529, CVE-2023-28206, CVE-2023-28205

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

Trust: 3.5

Fetched: April 11, 2023, 9:06 a.m., Published: April 1, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

CISA Issues Warnings on Seven New Exploited Vulnerabilities -- Campus Technology

Trust: 5.5

Fetched: April 11, 2023, 9:06 a.m., Published: April 10, 2023, midnight
 Vulnerabilities: code execution, command execution, privilege escalation...
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: ipad
db: NVD ids: CVE-2023-26083, CVE-2019-1388, CVE-2023-28206, CVE-2021-27876, CVE-2021-27877, CVE-2021-27878, CVE-2023-28205

Apple patches vulnerabilities used to target iPhones, iPads and Macs - SiliconANGLE

Trust: 5.75

Fetched: April 11, 2023, 9:05 a.m., Published: April 10, 2023, 11:43 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: ipad air
vendor: apple model: ipad
db: NVD ids: CVE-2023-28206, CVE-2023-28205

Apple launches iOS 15.7.4 and more, fixing bugs on older devices

Trust: 3.75

Fetched: April 11, 2023, 9:04 a.m., Published: March 28, 2023, 1:43 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: macos
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: ipod touch
vendor: apple model: tvos
vendor: apple model: ipad air
vendor: apple model: ipad

Apple releases emergency security updates to patch iPhone, iPad and Mac zero-day flaws | Tom's Guide

Trust: 4.5

Fetched: April 11, 2023, 9:03 a.m., Published: April 10, 2023, 3:33 p.m.
 Vulnerabilities: use after free, code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: ipad air
vendor: apple model: ipad
db: NVD ids: CVE-2023-28206

Apple just patched a pair of dangerous iOS and macOS security issues, so update now | TechRadar

Trust: 4.5

Fetched: April 11, 2023, 9:02 a.m., Published: April 10, 2023, 1:20 p.m.
 Vulnerabilities: use after free, code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: ipad
vendor: apple model: macos
db: NVD ids: CVE-2023-28206, CVE-2023-28205

A benchmark test uncovered some critical vulnerabilities in thousands of QNAP devices | TechRadar

Trust: 3.0

Fetched: April 7, 2023, 9:31 a.m., Published: April 5, 2023, 10:32 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-27598, CVE-2022-27597

A benchmark test uncovered some critical vulnerabilities in thousands of QNAP devices | PC Help Forum

Trust: 3.0

Fetched: April 7, 2023, 9:27 a.m., Published: Feb. 26, 2000, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-27598, CVE-2022-27597