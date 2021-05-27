

WebKit Flaw Crashes Safari, Could Lead to Further Exploits

By Andrew Orr
Mac Observer
 18 days ago

A WebKit flaw on iOS and macOS can cause Safari to crash and could lead to further malicious attacks. The vulnerability stems from what security researchers call a type confusion bug in the WebKit implementation of AudioWorklet, an interface that allows developers to control, manipulate, render, and output audio and decrease latency. Exploiting the vulnerability gives an attacker the basic building blocks to remotely execute malicious code on affected devices.

www.macobserver.com
Related
Computers | inforisktoday.com

Researchers Describe Antivirus Flaws

Vulnerabilities in some antivirus software could have enabled attackers to install malware and deactivate anti-ransomware protection to take over software controls, according to researchers at the University of Luxembourg, who worked in collaboration with Royal Holloway, University of London. A report on the discovery, Cut-and-Mouse and Ghost Control: Exploiting Antivirus...
Software | Posted by TechRadar

A major WordPress plugin flaw is being actively exploited in the wild

Security researchers have discovered a critical file upload vulnerability in the Fancy Product Designer WordPress plugin that is being actively exploited in the wild. In their breakdown of the vulnerability, researchers from Wordfence, which develops security solutions to protect WordPress installations, note that the affected plugin is already installed on over 17,000 sites.
Technology | inforisktoday.com

Uninstall Now: Critical WordPress Plug-In Flaw Exploited

Hackers are exploiting a critical zero-day flaw in the WordPress plug-in Fancy Product Designer, which allows remote code execution, the Wordfence Threat Intelligence team at Defiant Inc. says. Because a patch has not yet been released, the team urges users to immediately uninstall the vulnerable plug-in. Wordfence is a WordPress...
Technology | CSS-Tricks

Debugging iOS Safari

These are my general steps, starting with not even using iOS Safari. Lemme just use the device mode in Chrome quick. Note that this does a smidge more than just display your site in a smaller area: it sends the correct User Agent String and Client Hints for that device.
Cell Phones | Posted by Trusted Reviews

6 Ways Apple’s Safari update could spark a Google Chrome exodus in 2021

Apple’s Safari browser is getting a massive makeover this year on Mac, iPhone and iPad. Here are six of the best new features coming to the web browser in 2021. Google Chrome is still the planet’s dominant browser, with only the built-in Safari on Apple devices offering any resistance. However, whether it’s new design features, some catching-up on others and some massive privacy boosts, Apple is sure to tempt web users back to the trusty compass icon when iOS 15, iPadOS 15 and macOS Monterey arrive later in 2021.
Computers | webkit.org

WebKit Features in Safari at WWDC21

There’s a lot of news coming out of WWDC21 about WebKit and the web technology that’s shipping in Safari 15 on Apple’s platforms. Many of the new features were announced on Monday, at this year’s WWDC21 Keynote, and listed in the Safari 15 Beta Release Notes. But that’s not all, and we’re excited to share it with you.
Computers | mspoweruser.com

June’s Patch Tuesday fixes 7 zero-day Windows flaws, most exploited in the wild

CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability. CVE-2021-31956 – Windows NTFS Elevation of Privilege Vulnerability. CVE-2021-33739 – Microsoft DWM Core Library Elevation of Privilege Vulnerability. CVE-2021-33742 – Windows MSHTML Platform Remote Code Execution Vulnerability. CVE-2021-31199 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. CVE-2021-31201 – Microsoft Enhanced Cryptographic Provider...
Software | nationalcybersecuritynews.today

Google Chrome Update Needed to Avoid Nasty Security Flaw | #microsoft | #hacking | #cybersecurity

Google released an update to its Chrome browser for Windows and Mac users, and the internet giant strongly recommends that users apply the update as soon as possible. The update contains 14 security fixes — including a zero-day security flaw — that if left unchecked would leave the system vulnerable to attacks. Google categorized these fixes as critical, high, and medium importance.
Software | nationalcybersecuritynews.today

Researchers Discover Two Dozen Malicious Chrome … | #firefox | #chrome | #microsoftedge

Extensions are being used to serve up unwanted ads, steal data, and divert users to malicious sites, Cato Networks says. Researchers at Cato Networks have discovered two dozen malicious Google Chrome browser extensions and 40 associated malicious domains that are being used to introduce adware on victim systems, steal credentials, or quietly redirect victims to malware distribution sites.
Software | jioforme.com

Unknown attacker chains Chrome and Windows zero-days

Security researchers warn of a series of highly targeted attacks designed to compromise victims’ networks through zero-day exploits in Google Chrome and Microsoft Windows. The attacker is believed to have first exploited the now-patched CVE-2021-21224 remote code execution bug in Chrome. “This vulnerability was related to a typo mismatch...
Software | nationalcybersecuritynews.today

Malware Exploits Security Teams’ Greatest Weakness: … | #firefox | #chrome | #microsoftedge

Users’ distrust of corporate security teams is exposing businesses to unnecessary vulnerabilities. In early January, Colin McMillen, the lead developer at SemiColin Games, tweeted a warning about a popular Google Chrome extension, The Great Suspender. The utility came under fire after McMillen learned the developer sold it to a third party that silently released a version that could spy on a user’s browsing habits, inject ads into websites, or even download sensitive data.