Apple Releases Emergency Patches to Fix 3 Actively Exploited Zero-Day Vulnerabilities
Apple has released emergency patches to address three zero-day vulnerabilities that are being actively exploited in the wild in attacks on iPhone and Mac users. A vulnerability – CVE-2023-41991 – in the Apple security framework could be exploited to allow a malicious app to bypass signature validation. A vulnerability has been identified in the WebKit browser engine – CVE-2023-41993 – that could be exploited via a...
Publicly Shared SAS Token for Storage Account Causes 38 TB Data Leak at Microsoft
Security researchers at Wiz have identified a major leak of internal data at Microsoft. The breach occurred three years ago in 2020 when an employee shared a URL for a blob store in a public GitHub repository while contributing to open source AI learning models. Wiz reported the data leak to the Microsoft Security Response Center (MSRC) in June, and on Monday, MSRC issued an advisory confirming this was an internal data leak involving...
TikTok Slapped with €345 Million Fine for Child Privacy Violations
The Data Protection Commission (DPC) in Ireland has fined TikTok €345 million ($368 million) for multiple violations of the General Data Protection Regulation (GDPR) related to the processing of children’s personal information and other child privacy issues. The DPC initiated an investigation of TikTok to determine if the company was fulfilling its obligations under the GDPR to protect the privacy of child users of the platform. The...
Google Releases Emergency Chrome Patch for Actively Exploited Zero Day Vulnerability
Google has released an emergency patch to fix an actively exploited vulnerability in its Chrome browser. The vulnerability, tracked as CVE-2023-4863, is a heap buffer overflow issue in the WebP code library. This type of vulnerability results in more data being written to a memory buffer than the buffer is able to hold, which can result in an application crashing or code execution. While Google has confirmed that there is an exploit...
Microsoft Patches 2 Actively Exploited Vulnerabilities on September 2023 Patch Tuesday
September 2023 Patch Tuesday has seen Microsoft release patches to fix 59 vulnerabilities across its product suite, including two actively exploited vulnerabilities. 5 flaws are rated critical, 55 are rated important, 1 is rated moderate, and the severity of 5 is unknown. The actively exploited vulnerabilities are: CVE-2023-36802 – Microsoft Streaming Service Proxy elevation of privilege vulnerability that allows attackers to gain...