Sign-up

VARIoT news about IoT security

Update now! Apple fixes actively exploited vulnerability and introduces new features

Related entries in the VARIoT vulnerabilities database: VAR-202302-1097

Trust: 5.75

Fetched: March 31, 2023, 9:03 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: ipad
db: NVD ids: CVE-2023-23529

Apple security updates fix 33 iPhone vulnerabilities | Computer Weekly

Related entries in the VARIoT vulnerabilities database: VAR-202302-1097

Trust: 4.75

Fetched: March 31, 2023, 9:02 a.m., Published: March 28, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: tvos
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: watchos
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: ipod touch
vendor: apple model: ipad air
db: NVD ids: CVE-2023-27933, CVE-2023-23529, CVE-2023-27969

Microsoft Shares Guidance on Detecting Outlook Vulnerability Exploited by Russian Hackers - Arab Security Consultants

Trust: 4.25

Fetched: March 29, 2023, 9:22 a.m., Published: March 28, 2023, 8:31 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2023-23397

Cisco Small Business Routers Multiple Vulnerabilities (cisco-s... | Tenable®

Related entries in the VARIoT vulnerabilities database: VAR-202301-0962

Trust: 4.0

Fetched: March 29, 2023, 9:21 a.m., Published: March 1, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: small business
vendor: cisco model: cisco small business
vendor: cisco model: routers
db: NVD ids: CVE-2023-20025

Detected a vulnerability in the Wi-Fi packet buffer that affects various devices and OS | From Linux

Trust: 3.75

Fetched: March 29, 2023, 9:19 a.m., Published: March 29, 2023, 1:04 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: access points
db: NVD ids: CVE-2022-47522

iOS 15.7.4 Update for Older Devices Fixes Actively Exploited Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202302-1097

Trust: 5.25

Fetched: March 29, 2023, 9:18 a.m., Published: March 28, 2023, 12:50 p.m.
 Vulnerabilities: use after free, code execution
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: webkit
vendor: apple model: ipad air
vendor: apple model: ipod touch
db: NVD ids: CVE-2023-27928, CVE-2023-27949, CVE-2023-27969, CVE-2023-27963, CVE-2023-28182, CVE-2023-27961, CVE-2023-23541, CVE-2023-23537, CVE-2023-23529, CVE-2023-27941, CVE-2023-27954, CVE-2023-27946, CVE-2023-27956, CVE-2023-23535, CVE-2023-27936, CVE-2023-23543

Samsung monthly updates: March 2023 security patch released with 50 fixes - SamMobile

Trust: 3.5

Fetched: March 29, 2023, 9:18 a.m., Published: March 7, 2023, 5:58 a.m.
 Vulnerabilities: access control vulnerability, path traversal, improper access control
Affected productsExternal IDs
vendor: google model: android
vendor: samsung model: exynos
vendor: samsung model: galaxy

Google Pixel: Cropped or edited images can be recovered

Trust: 3.5

Fetched: March 29, 2023, 9:17 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2023-21036

Android app from China executed 0-day exploit on millions of devices | Ars Technica

Trust: 3.75

Fetched: March 29, 2023, 9:17 a.m., Published: March 27, 2023, 12:31 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2023-20963

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Low-Entropy Keys Vulnerability

Trust: 3.0

Fetched: March 29, 2023, 9:16 a.m., Published: March 22, 2023, 3:49 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: adaptive security appliance software
vendor: cisco model: device manager
vendor: cisco model: asa 5525-x
vendor: cisco model: asa software
vendor: cisco model: asa 5506h-x
vendor: cisco model: clientless ssl vpn
vendor: cisco model: firepower threat defense
vendor: cisco model: series
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: cisco 7600 series
vendor: cisco model: series routers
vendor: cisco model: cisco adaptive security appliance software
vendor: cisco model: asa 5516-x
vendor: cisco model: asa 5506-x
vendor: cisco model: catalyst
vendor: cisco model: adaptive security appliance
vendor: cisco model: firepower
vendor: cisco model: firepower threat defense software
vendor: cisco model: series switches
vendor: cisco model: firepower 2100
vendor: cisco model: firepower 9300
vendor: cisco model: asdm
vendor: cisco model: catalyst 6500
vendor: cisco model: series industrial security appliances
vendor: cisco model: 7600 series
vendor: cisco model: asa 5508-x
vendor: cisco model: catalyst 6500 series
vendor: cisco model: asa 5506w-x
vendor: cisco model: firepower threat defense virtual
vendor: cisco model: routers
vendor: cisco model: cisco catalyst 6500 series

Android यूजर्स को सरकार ने किया अलर्ट, तुरंत अपडेट कर लें डिवाइस वरना होगा भारी नुकसान

Related entries in the VARIoT vulnerabilities database: VAR-202303-0162, VAR-202303-0155, VAR-202303-0140, VAR-202303-0115, VAR-202303-0126, VAR-202303-0137, VAR-202303-0151

Trust: 3.5

Fetched: March 28, 2023, 9:20 a.m., Published: March 26, 2023, 8:58 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
db: NVD ids: CVE-2022-33242, CVE-2022-33254, CVE-2023-20911, CVE-2023-20957, CVE-2023-20931, CVE-2023-20620, CVE-2023-20623, CVE-2022-33244, CVE-2023-20963, CVE-2023-20960, CVE-2022-4452, CVE-2022-20467, CVE-2023-20621, CVE-2023-20955, CVE-2023-20917, CVE-2023-20947, CVE-2022-20499, CVE-2022-22075, CVE-2023-20964, CVE-2023-20926, CVE-2022-33213, CVE-2022-40515, CVE-2023-20952, CVE-2021-33655, CVE-2022-25705, CVE-2023-20929, CVE-2023-20954, CVE-2022-33256, CVE-2022-40530, CVE-2023-20958, CVE-2022-33309, CVE-2022-47459, CVE-2022-47460, CVE-2023-20951, CVE-2022-25709, CVE-2023-20953, CVE-2023-20910, CVE-2022-33272, CVE-2022-47461, CVE-2023-20966, CVE-2022-33278, CVE-2022-40537, CVE-2023-20956, CVE-2022-47462, CVE-2022-40535, CVE-2022-40531, CVE-2022-25694, CVE-2022-40527, CVE-2023-20959, CVE-2023-20936, CVE-2023-20906, CVE-2023-20962, CVE-2022-40540

Android app from China executed 0-day exploit on millions of devices | Flagrant Malfeasance

Trust: 3.75

Fetched: March 28, 2023, 9:17 a.m., Published: March 27, 2023, 9:38 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2023-20963

Samsung UK on Twitter: "@JEM7687 Thank you for sharing that with us. Samsung takes the safety of our customers very seriously. After determining 6 vulnerabilities may potentially impact select Galaxy devices, of which none were 'severe', Samsung released security patches for 5 of these in March. (1/2) ^RR" / Twitter

Trust: 3.25

Fetched: March 28, 2023, 9:17 a.m., Published: March 28, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: galaxy

Securing Embedded Devices Running C Code: Mitigating Double Free and Use After Free Vulnerabilities - IoT Beacon

Trust: 3.5

Fetched: March 28, 2023, 9:17 a.m., Published: March 25, 2023, 9:21 a.m.
 Vulnerabilities: code execution, use after free, memory leak...
Affected productsExternal IDs

CVE.report on Twitter: "CVE-2023-1139 : Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authenticati... https://t.co/FpfyfJIfj6" / Twitter

Trust: 3.0

Fetched: March 28, 2023, 9:14 a.m., Published: March 28, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-1139

Android users Beware: CERT-in issues high severity warning for new vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202303-0162, VAR-202303-0155, VAR-202303-0140, VAR-202303-0115, VAR-202303-0126, VAR-202303-0137, VAR-202303-0151

Trust: 5.0

Fetched: March 28, 2023, 9:13 a.m., Published: March 19, 2023, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2022-33242, CVE-2022-33254, CVE-2023-20911, CVE-2023-20957, CVE-2023-20931, CVE-2023-20620, CVE-2023-20623, CVE-2022-33244, CVE-2023-20963, CVE-2023-20960, CVE-2022-4452, CVE-2022-20467, CVE-2023-20621, CVE-2023-20955, CVE-2023-20917, CVE-2023-20947, CVE-2022-20499, CVE-2022-22075, CVE-2023-20964, CVE-2023-20926, CVE-2022-33213, CVE-2022-40515, CVE-2023-20952, CVE-2021-33655, CVE-2022-25705, CVE-2023-20929, CVE-2023-20954, CVE-2022-33256, CVE-2022-40530, CVE-2023-20958, CVE-2022-33309, CVE-2022-47459, CVE-2022-47460, CVE-2023-20951, CVE-2022-25709, CVE-2023-20953, CVE-2023-20910, CVE-2022-33272, CVE-2022-47461, CVE-2023-20966, CVE-2022-33278, CVE-2022-40537, CVE-2023-20956, CVE-2022-47462, CVE-2022-40535, CVE-2022-40531, CVE-2022-25694, CVE-2022-40527, CVE-2023-20959, CVE-2023-20936, CVE-2023-20906, CVE-2023-20962, CVE-2022-40540

PSA: Make Sure to Update Older Devices to iOS 15.7.4 to Fix Actively Exploited Vulnerability - MacRumors

Trust: 3.75

Fetched: March 28, 2023, 9:12 a.m., Published: July 15, 2004, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: notes
vendor: samsung model: note
vendor: apple model: imac
vendor: apple model: iphone
vendor: apple model: ipod touch
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: ipad air

Cisco IP Phone 7800 and 8800 Series Web Management Interface Authentication Bypass Vulnerability - Cisco

Trust: 3.75

Fetched: March 28, 2023, 9:11 a.m., Published: Jan. 11, 2023, 10:43 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: cisco model: ip phone 8821
vendor: cisco model: series
vendor: cisco model: ip phone
vendor: cisco model: wireless ip phone 8821
vendor: cisco model: ip phone 7800

Cisco ASA 5500-X Series Firewalls - Security Advisories, Responses and Notices - Cisco

Trust: 3.0

Fetched: March 28, 2023, 9:11 a.m., Published: Nov. 22, 2015, 10 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: asa 5500

Cisco IOS XE Software Fragmented Tunnel Protocol Packet Denial of Service Vulnerability

Trust: 4.0

Fetched: March 28, 2023, 9:10 a.m., Published: March 22, 2023, 3:49 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe software
vendor: cisco model: ios xe
vendor: cisco model: cisco ios