Category: Vulnerability
-
Apple zero-day vulnerability (CVE-2024-44309)
CVE-2024-44309 is a zero-day vulnerability addressed in Apple products, including Safari, iOS, iPadOS, macOS, and visionOS. Exploiting this flaw by processing maliciously crafted web content may lead to a cross-site scripting (XSS) attack. It has been actively exploited on Intel-based Mac systems. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS…
-
Apple zero-day vulnerability (CVE-2024-44308)
CVE-2024-44308 is a zero-day vulnerability addressed in Apple products, including Safari, iOS, iPadOS, macOS, and visionOS. Exploiting this flaw by processing maliciously crafted web content could lead to arbitrary code execution. It has been actively exploited on Intel-based Mac systems. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1,…
-
Apple security vulnerability (CVE-2024-44215)
CVE-2024-44215 is a vulnerability in Apple’s ImageIO component. It allows unauthorized disclosure of memory contents through crafted image files, which could expose sensitive information if exploited. This flaw affects multiple Apple platforms, including macOS, iOS, iPadOS, and watchOS. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1,…
-
Apple macOS security vulnerability (CVE-2024-44208)
CVE-2024-44208 is a vulnerability affecting macOS versions before Sequoia 15. This flaw, identified in Apple’s operating system, allows applications to bypass certain privacy preferences due to improper state management. The vulnerability could enable unauthorized apps to access restricted information, potentially compromising user privacy. Apple addressed this issue with improved state management in macOS Sequoia 15,…
-
Apple macOS security vulnerability (CVE-2024-44213)
CVE-2024-44213 is a vulnerability that affected macOS versions before Ventura 13.7 and Sonoma 14.7. This issue, related to URLs parsing, allowed attackers in a privileged network position to potentially leak sensitive user information. Apple addressed this by enhancing input validation, and the fix is applied in macOS Ventura 13.7.1 and macOS Sonoma 14.7.1. See more…
-
Apple macOS security vulnerability (CVE-2024-44216)
CVE-2024-44216 is a vulnerability found in macOS, related to an access control weakness in the system’s sandbox mechanism. In macOS, the sandbox is designed to limit access of applications to resources and sensitive data, isolating each app to protect user information. However, in this case, the vulnerability could allow a malicious app to bypass these…
-
Apple security vulnerability (CVE-2024-44259)
CVE-2024-44259 is a high-severity vulnerability impacting Apple’s Safari browser and several Apple operating systems, including macOS Sequoia, iOS, iPadOS, and visionOS. This vulnerability arises from a trust relationship flaw that could enable an attacker to download malicious content without proper authorization. Its potential impact is serious, as it affects confidentiality, integrity, and availability. Apple mitigated…
-
NVIDIA security vulnerability (CVE-2024-0128)
CVE-2024-0128 is a vulnerability identified in NVIDIA’s vGPU software, specifically in the Virtual GPU Manager. This flaw allows a user operating within a guest OS to access global resources improperly. If exploited successfully, it can lead to information disclosure, data tampering, and privilege escalation. Affected versions include all releases prior to version 17.4 and 16.8…
-
NVIDIA security vulnerability (CVE-2024-0127)
CVE-2024-0127 is a high-severity vulnerability affecting NVIDIA’s vGPU software, specifically in the GPU kernel driver of the vGPU Manager. It affects all supported hypervisors, allowing a user on the guest OS to exploit improper input validation, potentially compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of…
-
NVIDIA security vulnerability (CVE-2024-0126)
CVE-2024-0126 is a high-severity vulnerability affecting NVIDIA GPU Display Drivers for Windows and Linux. It stems from improper input validation (CWE-20) and could allow a privileged attacker to escalate permissions. Exploiting this vulnerability might lead to various outcomes, including arbitrary code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Affected versions…