
URL: https://thehackernews.com/2024/03/urgent-apple-issues-critical-updates.html
Submission: On March 06 via api from JP — Scanned from JP

URGENT: APPLE ISSUES CRITICAL UPDATES FOR ACTIVELY EXPLOITED ZERO-DAY FLAWS

Mar 06, 2024NewsroomVulnerability / Zero Day

Apple has released security updates to address several security flaws, including
two vulnerabilities that it said have been actively exploited in the wild.

The shortcomings are listed below -

 * CVE-2024-23225 - A memory corruption issue in Kernel that an attacker with
   arbitrary kernel read and write capability can exploit to bypass kernel
   memory protections

 * CVE-2024-23296 - A memory corruption issue in the RTKit real-time operating
   system (RTOS) that an attacker with arbitrary kernel read and write
   capability can exploit to bypass kernel memory protections

It's currently not clear how the flaws are being weaponized in the wild. Apple
said both the vulnerabilities were addressed with improved validation in iOS
17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6.



The updates are available for the following devices -

 * iOS 16.7.6 and iPadOS 16.7.6 - iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th
   generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation

 * iOS 17.4 and iPadOS 17.4 - iPhone XS and later, iPad Pro 12.9-inch 2nd
   generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and
   later, iPad Air 3rd generation and later, iPad 6th generation and later, and
   iPad mini 5th generation and later

With the latest development, Apple has addressed a total of three actively
exploited zero-days in its software since the start of the year. In late January
2024, it plugged a type confusion flaw in WebKit (CVE-2024-23222) impacting iOS,
iPadOS, macOS, tvOS, and Safari web browser that could result in arbitrary code
execution.

The development comes as the U.S. Cybersecurity and Infrastructure Security
Agency (CISA) added two flaws to its Known Exploited Vulnerabilities (KEV)
catalog, urging federal agencies to apply necessary updates by March 26, 2024.



The vulnerabilities concern an information disclosure flaw affecting Android
Pixel devices (CVE-2023-21237) and an operating system command injection flaw in
Sunhillo SureLine that could result in code execution with root privileges
(CVE-2021-36380).

Google, in an advisory published in June 2023, acknowledged it found indications
that "CVE-2023-21237 may be under limited, targeted exploitation." As for
CVE-2021-36380, Fortinet revealed late last year that a Mirai botnet called
IZ1H9 was leveraging the flaw to corral susceptible devices into a DDoS botnet.


