#blastpass — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #blastpass, aggregated by home.social.
-
Blasting Past WebP - An analysis of the NSO BLASTPASS iMessage exploit
https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html
#HackerNews #Blasting #Past #WebP #An #analysis #of #the #NSO #BLASTPASS #iMessage #exploit #hackernews #security #exploit #analysis #NSO
-
Ugh! Shameful:
“India Targets Apple Over Its Phone Hacking Notifications”, The Washington Post (https://www.washingtonpost.com/world/2023/12/27/india-apple-iphone-hacking/).
On HN: https://news.ycombinator.com/item?id=38788496
#India #Media #Apple #iPhone #Security #FreeSpeech #Spyware #NSO #Pegasus #Blastpass #Adani #Corruption #WTF
-
Looking for some help, my company might not be able to fully patch CVE-2023-4863 aka BLASTPASS for a few days. Does anyone know a way of detecting exploitation of this through Splunk? Can you see it in web server logs? Next-gen firewall? WAF? I’m not seeing much info online about how to detect the exploitation.
-
Good Morning, story so far on the next log4j level #vulnerability #CVE20234863 #CVE20235129
#0day #Chrome #iOS
- libwebp library is vulnerable to heap overflow and can lead to RCE.
- Apple assigned #CVE202341064 and #CVE202341061. Also actively exploited by #blastpass
- #Google assigned #CVE20235129 for Chrome 0day and also exploited
- Millions of apps and software use this library. See list so far in 🧵
- #CVE20235129 was rejected by NVD earlier due to all this confusion of several vendors assigning CVEs affecting their products
- This will lead to vulnerability scanners not being able to correctly identify if your assets are affected with libwebp. #infosec #sectoot
-
📱 iPhone iMessage "Zeroclick" Exploits (ie: FORCEDENTRY / BLASTPASS)
&
⚠️ UK Online Safety Bill Passes
#Apple #News #infosec #cybersecurity #privacy #Pegasus #NSOgroup #spyware #malware #iPhone #iMessage #FORCEDENTRY #BLASTPASS #UK #onlinesafetybill #UnitedKingdom #FreeSpeech #FreeExpression #tech #Peertube
-
This Week in Security: Blastpass, MGM Heist, and Killer Themes - There’s yet another 0-day exploit chain discovered as part of NSO Group’s Pegasus ... - https://hackaday.com/2023/09/15/this-week-in-security-blastpass-mgm-heist-and-killer-themes/ #hackadaycolumns #securityhacks #ransomware #blastpass #honeypots #news
-
#NSO exploit: Apple also fixes older versions of macOS, iOS and iPadOS | Mac & i https://www.heise.de/news/NSO-Exploit-Apple-fixt-auch-aeltere-Versionen-von-macOS-iOS-und-iPadOS-9301842.html #blastpass #Patchday #NSOgroup
-
After Apple’s #BLASTPASS patches, come a bunch of others. Exploits are in the wild.
The bug is in #libwebp—a Google #WebP image library built in to many apps. In today’s #SBBlogwatch, we prepare for carpal tunnel. At #TechstrongGroup’s #SecurityBlvd: https://securityboulevard.com/2023/09/patch-everything-widely-used-webp-code-has-critical-bug/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc
-
Security Alert: Please be sure to update your #Apple #iPhone!
Last week, while checking the device of an individual employed by a Washington DC-based civil society organization with international offices, #CitizenLab found an actively exploited zero-click vulnerability being used to deliver #NSO Group’s #Pegasus mercenary #spyware.
#BlastPass #ZeroDay #ZeroClic
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-i
-
HackRead: Update NOW! Pegasus Spyware Exploit Found in iPhones Running Latest iOS https://www.hackread.com/blastpass-pegasus-spyware-exploit-iphones-ios/ #Vulnerability #Surveillance #BLASTPASS #Security #security #Malware #Pegasus #Spyware #iPhone #0day #iOS
-
Apple fixes 0-Day Vulnerability in Older Operating Systems #blastpass #ios #macos https://i5c.us/d30210
-
NSO Group attack: Emergency updates for iPhone, iPad, Mac and Apple Watch | Mac & i https://www.heise.de/news/NSO-Group-Angriff-Notfall-Updates-fuer-iPhone-iPad-Mac-und-Apple-Watch-9298564.html #BLASTPASS #NSO #NSOgroup #Exploit #Patchday
-
Yet another zero-click exploit for iPhone caught in the wild. https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
#iphone #brokensecurity #infosec #exploit #citizenlab #blastpass
-
📬 Apple patches critical security vulnerabilities in iOS and macOS
#Cyberangriffe #Mobilfunk #Blastpass #CitizenLab #ExploitKette #ImageIO #LockdownModus #NSOGroup #Pegasus #WalletApp https://tarnkappe.info/artikel/cyberangriff/apple-stopft-kritische-sicherheitsluecken-in-ios-und-macos-280288.html
-
New actively exploited zero-day vulnerabilities (CVE-2023-41064 and CVE-2023-4106) in iOS have been disclosed by researchers from @[email protected].
The vulnerabilities are being used by the "BLASTPASS" exploit to deploy NSO Group's Pegasus mercenary spyware. The exploit involves a PassKit attachment that contains malicious images sent from an attacker iMessage account to its victim. The researchers also note that no user interaction is required by the victim for this exploit to work.
Apple has since released patches for this zero-day vulnerability. Both Apple & Citizen Lab urge iPhone users to update as soon as possible.
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
Apple security advisory: https://support.apple.com/en-us/HT213905
#infosec #cybersecurity #zeroday #blastpass #citizenlab #nsogroup #pegasus #spyware #iOS #iPhone #iMessage #patchnow