D-Link says replace vulnerable routers or risk pwnage
(theregister.com)
Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a serious remote code execution (RCE) vulnerability.
Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a serious remote code execution (RCE) vulnerability.
Zero-Click Calendar invite vulnerability chain in macOS
(medium.com)
I found a zero-click vulnerability in macOS Calendar, which allows an attacker to add or delete arbitrary files inside the Calendar sandbox environment. This could lead to many bad things including malicious code execution which can be combined with security protection evasion with Photos to compromise users’ sensitive Photos iCloud Photos data. Apple has fixed all of the vulnerabilities between October 2022 and September 2023.
I found a zero-click vulnerability in macOS Calendar, which allows an attacker to add or delete arbitrary files inside the Calendar sandbox environment. This could lead to many bad things including malicious code execution which can be combined with security protection evasion with Photos to compromise users’ sensitive Photos iCloud Photos data. Apple has fixed all of the vulnerabilities between October 2022 and September 2023.