Sign-up

VARIoT news about IoT security

Threat research: CryptoClippy, Rorschach, and Winter Vivern. Device vulnerabilities. Proxyjacking.

Trust: 5.5

Fetched: April 12, 2023, 9:18 a.m., Published: April 1, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: check point model: check point
vendor: palo alto networks model: networks
vendor: palo model: networks
db: NVD ids: CVE-2022-27926

Cisco Evolved Programmable Network Manager, Cisco Identity Services Engine, and Cisco Prime Infrastructure Command Injection Vulnerabilities

Trust: 5.0

Fetched: April 12, 2023, 9:18 a.m., Published: April 5, 2023, 3:47 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: prime infrastructure
vendor: cisco model: cisco identity services engine
vendor: cisco model: cisco prime infrastructure
vendor: cisco model: cisco evolved programmable network manager
vendor: cisco model: identity services engine
vendor: cisco model: evolved programmable network manager

Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Remote Command Execution Vulnerability

Trust: 4.0

Fetched: April 12, 2023, 9:17 a.m., Published: April 5, 2023, 8:30 p.m.
 Vulnerabilities: command execution
Affected productsExternal IDs
vendor: cisco model: rv325
vendor: cisco model: service management
vendor: cisco model: rv042
vendor: cisco model: rv320
vendor: cisco model: rv082
vendor: cisco model: small business rv320
vendor: cisco model: rv042g
vendor: cisco model: cisco small business rv320
vendor: cisco model: routers
vendor: cisco model: small business
vendor: cisco model: cisco small business
vendor: cisco model: rv016

Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Command Injection Vulnerabilities

Trust: 4.0

Fetched: April 12, 2023, 9:16 a.m., Published: April 5, 2023, 3:47 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: rv325 dual gigabit wan vpn
vendor: cisco model: rv325
vendor: cisco model: routers
vendor: cisco model: small business rv320
vendor: cisco model: rv320
vendor: cisco model: small business
vendor: cisco model: cisco small business rv320
vendor: cisco model: cisco small business

Amazon Vulnerability Research Program - Devices - Bug Bounty Program | HackerOne

Trust: 4.25

Fetched: April 12, 2023, 9:16 a.m., Published: -
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: amazon model: fire tv
vendor: amazon model: echo show

Vulnerability methods and properties | Microsoft Learn

Trust: 3.0

Fetched: April 12, 2023, 9:15 a.m., Published: Dec. 18, 2020, midnight
 Vulnerabilities: privilege escalation, denial of service
Affected productsExternal IDs

Apple patches two new zero-days targeting iPhones, iPads and Macs | SC Media

Related entries in the VARIoT vulnerabilities database: VAR-202302-1097

Trust: 4.75

Fetched: April 12, 2023, 9:15 a.m., Published: April 10, 2023, 3:50 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: webkit
vendor: apple model: ipad air
vendor: apple model: safari
vendor: apple model: ipad
vendor: trend model: security
db: NVD ids: CVE-2023-23529, CVE-2023-28206, CVE-2023-28205

A benchmark test uncovered some critical vulnerabilities in thousands of QNAP devices | TechRadar

Trust: 3.0

Fetched: April 11, 2023, 9:17 a.m., Published: April 5, 2023, 10:32 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-27597, CVE-2022-27598

Apple fixes vulnerabilities used to target iPhones, iPads and Macs - ChyperNews - ChyperNews

Trust: 4.75

Fetched: April 11, 2023, 9:16 a.m., Published: April 10, 2023, 11:47 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: ipad air
vendor: apple model: ipad
db: NVD ids: CVE-2023-28206, CVE-2023-28205

Faisal Yahya on Twitter: "Apple has released crucial security updates for its devices, including iOS, iPadOS, macOS, and Safari web browser, to tackle two zero-day vulnerabilities that are currently being exploited in the wild. The flaws, identified as CVE-2023-28205 and CVE-2023-28206, present… https://t.co/WTg9CNucx3" / Twitter

Trust: 4.0

Fetched: April 11, 2023, 9:15 a.m., Published: April 11, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: macos
db: NVD ids: CVE-2023-28206, CVE-2023-28205

Smart Garage Company Fixes Vulnerability by Breaking Customers' Devices

Trust: 3.0

Fetched: April 11, 2023, 9:15 a.m., Published: April 11, 2023, 8:46 a.m.
 Vulnerabilities: -
Affected productsExternal IDs

PSA: Install iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1 Immediately, They Fix Actively Exploited Vulnerabilities

Trust: 5.25

Fetched: April 11, 2023, 9:10 a.m., Published: April 7, 2023, 8:46 p.m.
 Vulnerabilities: use after free, code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: ipad
vendor: apple model: macos
db: NVD ids: CVE-2023-28206, CVE-2023-28205

Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices - Domedigita

Related entries in the VARIoT vulnerabilities database: VAR-202108-2051, VAR-202212-1751

Trust: 4.75

Fetched: April 11, 2023, 9:10 a.m., Published: April 7, 2023, 1:15 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: samsung model: note
vendor: samsung model: mobile
vendor: google model: chrome
vendor: google model: android
db: NVD ids: CVE-2023-26083, CVE-2023-0266, CVE-2022-38181, CVE-2022-3038, CVE-2022-22706, CVE-2022-3723, CVE-2022-4262, CVE-2022-4135, CVE-2021-30900, CVE-2022-42856

iOS 16.4.1 fixes two security vulnerabilities | Rapid Meta

Trust: 4.5

Fetched: April 11, 2023, 9:09 a.m., Published: April 7, 2023, 4:06 p.m.
 Vulnerabilities: use after free, code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: safari
db: NVD ids: CVE-2023-28206

PSA: Update Your Apple Devices to Avoid Active Vulnerabilities

Trust: 4.0

Fetched: April 11, 2023, 9:09 a.m., Published: April 7, 2023, 8:11 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: macos

Nexx Fixes Vulnerability By Breaking Customers' Devices - ThreatsHub Cybersecurity News

Trust: 3.0

Fetched: April 11, 2023, 9:08 a.m., Published: April 10, 2023, 3:40 p.m.
 Vulnerabilities: -
Affected productsExternal IDs

iOS Security Breach: Apple Fixes Two Zero-Day Bugs Exploited To Hack iPhones, Macs and iPads | đŸ“² LatestLY

Trust: 4.75

Fetched: April 11, 2023, 9:08 a.m., Published: April 10, 2023, 11:13 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: safari

iOS 16.4.1 and iPadOS 16.4.1 are now out with fixes for actively exploited vulnerabilities - GSMArena.com news

Trust: 3.0

Fetched: April 11, 2023, 9:08 a.m., Published: April 16, 2001, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: ipad

80,000 Devices Vulnerable to QNAP Zero-Day Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201906-0768

Trust: 3.5

Fetched: April 11, 2023, 9:07 a.m., Published: April 8, 2023, 12:19 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2018-18472

CISA Alerts on Seven New Known Exploited Vulnerabilities -- THE Journal

Trust: 5.5

Fetched: April 11, 2023, 9:07 a.m., Published: April 12, 2023, midnight
 Vulnerabilities: code execution, command execution, privilege escalation...
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: ipad
db: NVD ids: CVE-2023-26083, CVE-2019-1388, CVE-2023-28206, CVE-2021-27876, CVE-2021-27877, CVE-2021-27878, CVE-2023-28205