Sign-up

VARIoT news about IoT security

Update your Apple devices now. New Pegasus hack prompts company to issue new software to fix iMessage vulnerability.

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 13, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: iphone

Microsoft acknowledges Windows zero-day vulnerability based on malicious Office files - OnMSFT.com

Related entries in the VARIoT vulnerabilities database: VAR-202109-1909

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 8, 2021, 2:27 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-40444

Realtek-based routers, smart devices are being gobbled up by a voracious botnet | Malwarebytes Labs

Related entries in the VARIoT vulnerabilities database: VAR-202104-0768

Trust: 4.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 24, 2021, 1:36 p.m.
 Vulnerabilities: denial of service, command injection
Affected productsExternal IDs
vendor: orange model: web server
vendor: huawei model: huawei
vendor: belkin model: router
vendor: asustek model: asus
vendor: asustek model: router
vendor: asus model: asus
vendor: asus model: router
vendor: d-link model: router
vendor: realtek model: realtek sdk
vendor: buffalo model: router
vendor: netgear model: router
db: NVD ids: CVE-2021-35395, CVE-2021-20090

Multiple attempts to exploit Realtek vulnerabilities discovered by our researchers - SAM Seamless Network

Related entries in the VARIoT vulnerabilities database: VAR-202104-0768

Trust: 5.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 19, 2021, 2:31 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: paloaltonetworks model: networks
vendor: paloaltonetworks model: palo alto networks
vendor: palo model: networks
vendor: palo model: palo alto networks
vendor: palo alto networks model: networks
vendor: palo alto networks model: palo alto networks
vendor: realtek model: realtek sdk
db: NVD ids: CVE-2021-35395, CVE-2021-20090

Here's how hackers exploit IoT device vulnerabilities to invade hardware

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 19, 2021, 9:50 a.m.
 Vulnerabilities: -
Affected productsExternal IDs

Update Your Apple Devices to Avoid This Zero-Click Malware | Tech.co

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 14, 2021, 8:33 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

Severe Bugs in Realtek SDK Affects Around Millions of IoT Devices

Trust: 6.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 17, 2021, 7:18 p.m.
 Vulnerabilities: buffer overflow, command execution, memory corruption...
Affected productsExternal IDs
vendor: realtek model: realtek sdk
db: NVD ids: CVE-2021-35394, CVE-2021-35393, CVE-2021-35392, CVE-2021-35395

CVE-2021-30860: Fix Your Apple Device against the FORCEDENTRY Zero-Day

Related entries in the VARIoT vulnerabilities database: VAR-202108-1057

Trust: 5.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 14, 2021, 10:16 a.m.
 Vulnerabilities: integer overflow, buffer overflow, code execution
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: watchos
db: NVD ids: CVE-2019-3568, CVE-2021-30860

65 vendors affected by severe vulnerabilities in Realtek chips - Help Net Security

Trust: 4.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 16, 2021, 10:36 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: asustek model: wireless routers
vendor: realtek model: realtek sdk
db: NVD ids: CVE-2021-35394, CVE-2021-35393, CVE-2021-35392, CVE-2021-35395

Apple IOS Zero-day Vulnerabilities AreRunning Rampant in 2021

Related entries in the VARIoT vulnerabilities database: VAR-202108-2172, VAR-202108-1057

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 14, 2021, 2:55 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2021-30858, CVE-2021-30860

How to fix the Windows 0x0000011b network printing error

Trust: 3.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 20, 2021, midnight
 Vulnerabilities: security bypass
Affected productsExternal IDs
db: NVD ids: CVE-2021-1678

Millions of Windows 10 PCs exposed by nasty security vulnerability | TechRadar

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 27, 2021, 3:04 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: asus model: asus

Apple products vulnerable to FORCEDENTRY zero-day attack - patch now! - Naked Security

Related entries in the VARIoT vulnerabilities database: VAR-202108-1057, VAR-202108-2172

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 14, 2021, 6:45 p.m.
 Vulnerabilities: integer overflow, code execution, buffer overflow
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: webkit
vendor: apple model: macbook
vendor: apple model: watchos
vendor: apple model: watch
vendor: apple model: macos
vendor: apple model: safari
db: NVD ids: CVE-2021-30860, CVE-2021-30858

Unpatched MacOS vulnerability lets remote attackers execute code | Ars Technica

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 22, 2021, 12:27 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: safari

How bad is that new Apple spyware vulnerability?

Trust: 3.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 14, 2021, 10:05 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

Vulnerabilities in Realtek SDK put IoT devices at risk | Born's Tech and Windows World

Trust: 4.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 26, 2021, 9:21 a.m.
 Vulnerabilities: command injection, memory corruption
Affected productsExternal IDs
vendor: netgear model: router
vendor: belkin model: router
vendor: realtek model: realtek sdk
vendor: buffalo model: router
vendor: d-link model: router
vendor: asustek model: router
db: NVD ids: CVE-2021-35392, CVE-2021-35395, CVE-2021-35393, CVE-2021-35394

Best Practices for Communicating Medical Device Vulnerabilities to Patients - ComplianceJunction

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 12, 2021, 3:27 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: medtronic model: paradigm
vendor: medtronic model: minimed 508

Critical IoT security camera vulnerability allows attackers to remotely watch live video - and gain access to networks | ZDNet

Trust: 4.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 17, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: watch
db: NVD ids: CVE-2021-28372

Millions of IoT Devices Exposed to Attacks Due to Cloud Platform Vulnerability | SecurityWeek.Com

Trust: 5.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 14, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: realtek model: realtek sdk
db: NVD ids: CVE-2021-28372

Time to check software and security settings for Windows network vulnerabilities | CSO Online

Related entries in the VARIoT vulnerabilities database: VAR-202109-1909

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 13, 2021, 7 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-40444