Jul 21 2022

Apple patches “0-day” browser bug fixed 2 weeks ago in Chrome, Edge

Category: Web Security,Zero dayDISC @ 2:53 pm

Apple has disgorged its latest patches, fixing more than 50 CVE-numbered security vulnerabilities in its range of supported products.

The relevant security bulletins, update numbers, and where to find them online are as follows:

  • APPLE-SA-2022-07-20-1: iOS 15.6 and iPadOS 15.6, details at HT213346
  • APPLE-SA-2022-07-20-2: macOS Monterey 12.5, details at HT213345
  • APPLE-SA-2022-07-20-3: macOS Big Sur 11.6.8, details at HT213344
  • APPLE-SA-2022-07-20-4: Security Update 2022-005 Catalina, details at HT213343
  • APPLE-SA-2022-07-20-5: tvOS 15.6, details at HT213342
  • APPLE-SA-2022-07-20-6: watchOS 8.7, details at HT213340
  • APPLE-SA-2022-07-20-7: Safari 15.6, details at HT213341

As usual with Apple, the Safari browser patches are bundled into the updates for the latest macOS (Monterey), as well as into the updates for iOS and iPad OS.

But the updates for the older versions of macOS don’t include Safari, so the standalone Safari update (see HT213341 above) therefore applies to users of previous macOS versions (both Big Sur and Catalina are still officially supported), who will need to download and install two updates, not just one.

Zero Days - Season 1

DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Ask DISC an InfoSec & compliance related question

Tags: 0-day, browser bug, zero-day


Feb 17 2021

“ScamClub” gang outed for exploiting iPhone browser bug to spew ads

Category: Smart Phone,Web SecurityDISC @ 3:51 pm

Digital ad company Confiant, which claims to “improve the digital marketing experience” for online advertisers by knowing about and getting rid of malicious and unwanted ads, has just published an analysis of a malvertising group it calls ScamClub.

According to Confiant, this group is behind a massive number of those annoying and scammy popup campaigns you will almost certainly have seen, where you visit an apparently honest web page and then get pestered with online surveys.

We’ve warned our readers many times about the risks of online surveys – even ones that don’t obviously or explicitly lead to attempted malware infections.

At best, you will often end up giving away a surprising amount of personal data, typically in return for a minuscule chance of winning a free product (fancy phones, high-value gift cards and games consoles are typically used as lures).

“ScamClub” gang outed for exploiting iPhone browser bug to spew ads

Tags: browser bug