Apple macOS Multiple Security Vulnerabilities

Bugtraq ID: 103957 Class: Input Validation Error CVE: CVE-2018-4206, CVE-2018-4187 Remote: Yes Local: No Published: Apr 24 2018 12:00AM Updated: Apr 24 2018 12:00AM Credit: Ian Beer of Google Project Zero and Zhiyang Zeng (@Wester) of Tencent Security Platform Department, Roman Mueller (@faker_) Vulnerable: Apple macOS 10.13.1, Apple macOS 10.13.4, Apple macOS 10.13.3, Apple macOS 10.13.2, Apple macOS 10.13, Apple macOS 10.12.6, Apple macOS 10.12.5, Apple macOS …

Apple iOS APPLE-SA-2018-04-24-1 Multiple Security Vulnerabilities

Bugtraq ID: 103958 Class: Unknown CVE: CVE-2018-4206, CVE-2018-4187 Remote: Yes Local: Yes Published: Apr 25 2018 12:00AM Updated: Apr 25 2018 12:00AM Credit: Ian Beer of Google Project Zero, Zhiyang Zeng (@Wester) of Tencent Security Platform Department, Roman Mueller (@faker_). Vulnerable: Apple iPod Touch 0, Apple iPhone 0, Apple iPad Air 0, Apple iOS 5 0, Apple iOS 4 …

The Apache Struts REST Plugin is using the XStream library, which is vulnerable and allows a DoS attack to be performed when using a m

The Apache Struts REST Plugin is using the XStream library, which is vulnerable and allows a DoS attack to be performed when using a malicious request with a specially crafted XML payload. Upgrade to Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here: http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson …

Police Shut Down World’s Biggest ‘DDoS-for-Hire’ Service–Admins Arrested

In a major hit against international cybercriminals, the Dutch police have taken down the world’s biggest DDoS-for-hire service that helped cyber criminals launch over 4 million attacks and arrested its administrators. An operation led by the UK’s National Crime Agency (NCA) and the Dutch Police, dubbed “Power Off,” with the support of Europol and a dozen other law enforcement agencies, …

Google Redesigns Gmail – Here’s a List of Amazing New Features

Google has finally been rolling out its new massively redesigned Gmail for desktop and mobile to 1.4 billion users worldwide, which might be the most significant single upgrade in Gmail’s history. This huge revamped version of the email service now offers plenty of new features such as confidential mode, offline support, email snoozing and more, to make Gmail smarter, …

Dell EMC ECOM XML External Entity Injection Vulnerability

DSA-2018-013: Dell EMC ECOM XML External Entity Injection Vulnerability From: EMC Product Security Response Center Date: Mon, 23 Apr 2018 17:07:00 +0000 EMC Identifier: DSA-2018-013 Severity: High Severity Rating: CVSS Base Score: 7.6 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L) Affected products: Dell EMC Unisphere for …

Auto-detection of Compressed Files in Apple’s macOS

Re: Auto-detection of Compressed Files in Apple’s macOS From: Nightwatch Cybersecurity Research Date: Mon, 23 Apr 2018 05:43:53 -0400 As a follow-up on this, Cisco has issued a public advisory to address this issue in their AMP appliance. It is tracked under CVE-2018-0237: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp https://nvd.nist.gov/vuln/detail/CVE-2018-0237 Thanks On Sun, Feb 25, 2018 at 9:45 PM, Nightwatch …

APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4)

APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4) From: Apple Product Security Date: Tue, 24 Apr 2018 10:23:30 -0700 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4) is now available and addresses the following: WebKit Available for: OS X El Capitan 10.11.6, …

Full Disclosure: APPLE-SA-2018-04-24-2 Security Update 2018-001

APPLE-SA-2018-04-24-2 Security Update 2018-001 From: Apple Product Security Date: Tue, 24 Apr 2018 10:23:16 -0700 Security Update 2018-001 is now available and addresses the following: Crash Reporter Available for: macOS High Sierra 10.13.4 Impact: An application may be able …

Full Disclosure: APPLE-SA-2018-04-24-1 iOS 11.3.1

APPLE-SA-2018-04-24-1 iOS 11.3.1 From: Apple Product Security Date: Tue, 24 Apr 2018 10:22:58 -0700 iOS 11.3.1 is now available and addresses the following: Crash Reporter Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able …