Category: Zero-day
-
Apple zero-day vulnerability (CVE-2024-44309)
CVE-2024-44309 is a zero-day vulnerability addressed in Apple products, including Safari, iOS, iPadOS, macOS, and visionOS. Processing maliciously crafted web content may lead to a cross-site scripting (XSS) attack. It has been actively exploited on Intel-based Mac systems. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS…
-
Apple zero-day vulnerability (CVE-2024-44308)
CVE-2024-44308 is a zero-day vulnerability addressed in Apple products, including Safari, iOS, iPadOS, macOS, and visionOS. Processing maliciously crafted web content could lead to arbitrary code execution. It has been actively exploited on Intel-based Mac systems. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1,…
-
Fortinet FortiManager zero-day vulnerability (CVE-2024-47575)
CVE-2024-47575 is a critical zero-day vulnerability identified in Fortinet’s FortiManager, primarily due to missing authentication checks on a critical function in its fgfmd daemon. Rated with a CVSS score of 9.8, the flaw enables unauthenticated remote attackers to execute arbitrary code or commands on vulnerable devices through specially crafted requests. Fortinet has reported active exploitation…
-
Mozilla Firefox 131.0.1 security vulnerability (CVE-2024-9680)
CVE-2024-9680 is a critical vulnerability identified as a use-after-free flaw in Mozilla Firefox and Thunderbird. This vulnerability, which has been actively exploited as a zero-day, affects Firefox versions prior to 131.0.2 and Thunderbird versions prior to 131.0.1. The flaw occurs in the browsers’ handling of Animation timelines, allowing attackers to execute arbitrary code by exploiting…
-
Rapid Reset vulnerability (CVE-2023-44487)
Rapid Reset is the zero-day vulnerability in the HTTP/2 protocol that was exploited, starting in August 2023, to launch the largest DDoS attack ever, with 398 million requests per second (see CISA Alert and CVE-2023-44487 for details).
-
Zero-day vulnerability
A zero-day vulnerability, often referred to as a “0-day,” is a type of software vulnerability or security flaw that is unknown to the software vendor or developer. This term is derived from the concept that the vulnerability becomes known to malicious actors on “day zero” because it is exploited immediately, often before the software’s creator…