Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.

Categories

Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities

The Hacker News - 4 May, 2024 - 10:38
Czechia and Germany on Friday revealed that they were the target of a long-term cyber espionage campaign conducted by the Russia-linked nation-state actor known as APT28, drawing condemnation from the European Union (E.U.), the North Atlantic Treaty Organization (NATO), the U.K., and the U.S. The Czech Republic's Ministry of Foreign Affairs (MFA), in a statement, said some unnamed
Category: Hacking & Security

Apple earnings: About that iPhone ‘slump’ in China

Computerworld.com [Hacking News] - 3 May, 2024 - 18:23

If he hasn’t already, it’s past time for Apple CEO Tim Cook to gain a reputation for dry wit when it comes to handling preconceived opinion — he ladled out several helpings of this during Apple’s second-quarter fiscal call on Thursday. Though the company’s financials were down, they were still ahead of what Wall Street had anticipated.

Revenue for the quarter was $90.8 billion, down 4% from the same quarter last year, but Apple’s gross margins increased to 46.6%, mainly on the strength of solid services increases.

Cook states the facts 

For me, one of his best lines during the presentation was captured in this exchange during analyst questions:

Wells Fargo analyst:  “I guess I’m going to go back to the China question. I guess at a high level, the simple question is, when we look at the data points that have been repeatedly reported throughout the course of this quarter, I’m curious, Tim, what are we missing? Where do you think people are missing Apple’s iPhone traction within the Chinese market?”

Tim Cook: “I can’t address the data points. I can only address what our results are. And we did accelerate last quarter and the iPhone grew in mainland China. So that’s what the results were. I can’t bridge to numbers we didn’t come up with.”

Translation: The analyst is confused because all the industry data points (IDC, Counterpoint, Gartner, Ming Chi Kuo) seem to have been inaccurate. Cook simply dismisses those estimates with the company’s actual results.

What happened in China?

What’s confusing here is that the company’s management report confirms weak iPhone sales in every segment — but in part this reflects one of those “difficult comparisons” the company likes to state. 

Think back to this time last year, when Apple was just emerging from what had been a very difficult time operationally. In the run up to this quarter a year ago, COVID-19 had closed the iPhone factories, meaning lots of smartphones weren’t being made, and order fulfillment was delayed. Apple told us then that it realized about $5 billion in iPhones sales in the quarter that would have been made in the preceding one. 

That’s not the case this year. “If you remove that $5 billion from last year’s results, we would have grown this quarter on a year-over-year basis,” Cook said. “And so that’s how we look at it internally from how the company is performing.” 

If that’s true, it explains why Apple doesn’t seem especially concerned that its iPhone sales internationally did decline by 10% in revenue in the quarter. After all, the iPhone was the top-selling smartphone model in the US, urban China, Australia, UK, France, Germany, and Japan. The device also achieved 99% customer satisfaction according to Changewave.

Managing change

Even though Cook told us that iPhone sales grew in China, both the Wall Street Journal and Nikkei insist sales fell there. In fact, the two best-selling smartphones in mainland China during the quarter were the iPhone 15 and 15 Pro Max, Apple confirmed during the presentation. 

Apple did concede that it has work to do on its other products, and iPhone sales were down in contrast to this time last year. Weakness was felt across multiple markets, and with the iPhone Apple’s biggest product, the impact of this and softening iPad sales contributed to revenue decline.

What is interesting is that in Japan and elsewhere in the APAC region, Apple sales seemed weak. That doesn’t mean there isn’t an appetite for the company’s products. Cook sees enthusiasm across the region: “Everywhere I travel, people have such a great affinity for Apple, and it’s one of the many reasons I’m so optimistic about the future,” he said. He also expressed his confidence in the long-term Apple market in China.

What about enterprise use?

Apple made a handful of references to enterprise sales, the majority of which pertained to its latest device, the Vision Pro headset. The company reported that over half of the world’s Fortune 100 companies have already bought Vision Pro units to explore what the device can do for their business. 

“We are seeing so many compelling use cases, from aircraft engine maintenance training at KLM to real-time team collaboration and immersive kitchen design at Lowes,” said Apple CFO Luca Maestri.

Apple also confirmed the ongoing rise of Macs in the enterprise. “More and more enterprise customers are embracing the Mac,” said Maestri.

In healthcare, Epic Systems, the world’s largest electronic medical record provider, recently launched its native app for the Mac, making it easier for healthcare organizations like Emory Help to transition thousands of PCs to the Mac for clinical use. “I think there’s a great opportunity for us around the world in enterprise,” said Cook.

A note on Europe

Two points seemed interesting:

  • Apple anticipates solid services growth (which includes Europe) in the current quarter, despite the EU’s DMA act which is forcing it to change its App Store business model.
  • With those changes, Apple said it’s too early to tell whether consumers or developers will migrate outside the App Store; its focus for now is on complying with the EU law while “mitigating the impacts to user privacy and security” of doing so.

One step beyond

Apple also discussed emerging markets. 

Maestri: “…When we start looking at places like India, like Saudi, like Mexico, Turkey, Brazil, Mexico and Indonesia, the numbers are getting large. And we’re very happy because these are markets where our market share is low. The populations are large and growing. And our products are really making a lot of progress within those markets. The level of excitement for the brand is very high. So, it is very good for us.

“And then and certainly the numbers are getting larger all the time. And so the gap as you compare it to the numbers in China is reducing. And hopefully that trajectory continues for a long time.”

The takeaway from those statements tells me that, like any farmer, Apple is investing in future business growth and most certainly sees rapidly emerging markets as the bedrock for tomorrow’s success as mature markets atrophy.

What happens next?

Looking forward, Apple warned of low single-digit growth in the June quarter, with services predicted to continue to grow and the iPad to see double-digit growth. The company is expected to ship a new iPad as soon as next week. 

That iPad may also introduce some new AI-driven tools, perhaps as a taster of what to expect at WWDC and their expected spread across the company’s products this fall. Discussing generative AI, Cook described it as a “very key” opportunity, stressed his confidence that the company has advantages to bring such tech to market, and promised “we will be talking more about it as we go through the weeks ahead”. So, there’s a lot to look forward to.

Apple’s data points

So, having established that there’s no data about Apple better than Apple’s own data, what data points did Apple share? You can review its press release here and financial statements here and here. What follows are some details cherry-picked from within the company’s analyst call:

  • Apple reached revenue records in more than a dozen countries and regions, including in Latin America and the Middle East, as well as Canada, India, Spain, and Turkey.
  • It also achieved an all-time revenue record in Indonesia, “one of the many markets where we continue to see so much potential,” said Cook, who recently visited the nation.
  • Services hit an all-time revenue record, up 14% YoY at $23.9 billion. (It’s worth noting that recent data indicates Apple TV+ is the fastest growing streaming service in major markets.)
  • Mac sales by revenue grew 4% YoY. (Cook described the MacBook Air as “the best consumer laptop for AI”, which I take to mean “watch this space.”)
  • iPad revenue fell 17%, ahead of next week’s expected refresh.
  • Wearables, home, and accessory sales fell 10%.
  • Apple nodded toward CSR, confirming its plan to be completely carbon neutral across its business by 2030 and celebrating that it has reduced overall emissions by over 50% even while revenue (and therefore sales) increased 65% since 2015.
  • Apple expects gross margins in the June quarter of 45.5% to 46.5% (which is really high, even for Apple).
  • Apple predicts single-digit growth in comparison to last year in the upcoming June quarter. In 2023, it booked $81.8 billion in revenue for that period.
  • If you own Apple shares, you’ll get 25 cents per share on May 16.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Category: Hacking & Security

Expert-Led Webinar - Uncovering Latest DDoS Tactics and Learn How to Fight Back

The Hacker News - 3 May, 2024 - 14:53
In today's rapidly evolving digital landscape, the threat of Distributed Denial of Service (DDoS) attacks looms more significant than ever. As these cyber threats grow in sophistication, understanding and countering them becomes crucial for any business seeking to protect its online presence. To address this urgent need, we are thrilled to announce our upcoming webinar, "Uncovering Contemporary
Category: Hacking & Security

Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications

The Hacker News - 3 May, 2024 - 14:35
Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.
Category: Hacking & Security

Microsoft begins to phase out ‘classic’ Teams

Computerworld.com [Hacking News] - 3 May, 2024 - 14:23

Seven years after the launch of Teams, Microsoft has outlined plans to retire the initial, “classic” version of the team chat app. Support for Teams classic will end on July 1 and it will be discontinued a year later; at that point, users will be unable to access the legacy client.

Microsoft released the new 2.1 version of Teams last October after several months in preview, claiming the new app is twice as fast and uses around 50% less memory than its predecessor. 

The move represents the biggest change to the collaboration application since it arrived in 2017 to take on rival Slack. Since then, Teams has reached 320 million monthly users, according to recent data, having capitalized on the big uptick in video meetings during the COVID-19 pandemic. That said, it hasn’t always been well-liked by users.

While the two Teams versions have coexisted in recent months, Microsoft recently outlined its schedule to phase out classic Teams on its admin site. With the end of support coming, no new features will be added going forward and Microsoft will cease to help customers resolve support issues. At this stage, customers will start to receive in-app messages informing them that their version of Teams is out of date. End of support was initially planned for March 31 before being pushed back.

Users will be unable to access or use the classic Teams as of July 1, 2025. Those using classic Teams on Windows 7, 8, 8.1, and macOS Sierra will see the end of availability occur earlier, on Oct. 23, 2024. 

While there are advantages with the new version of Teams, some capabilities will disappear, too.  

Earlier this week, Microsoft outlined a host of changes that users might notice once they move to the new Teams. Some involve new ways to access existing tools, as well as several smaller features that will no longer be available: the activity tab in Teams chat, and Adaptive Card-based tabs in personal app tabs, for example.

The timeframe for retiring the classic Teams app seems abrupt, according to Raúl Castañón, senior research analyst at 451 Research, part of S&P Global Market Intelligence, and Microsoft appears to be pressuring customers to update to the new version. 

“Some business might be slow to move to the new app because they may have planned to update at a later date, or because they might want to wait until Microsoft has worked out software bugs from the initial versions,” he said. 

Classic Teams is one of several Microsoft products heading toward end of support. Windows 10 users will no longer receive security or technical support as of Oct. 14, 2025, as Microsoft encourages users to migrate to Windows 11. Microsoft will also end support for Office 2016 and 2019 application suites, and related productivity servers, on the same day.

Category: Hacking & Security

New Guide Explains How to Eliminate the Risk of Shadow SaaS and Protect Corporate Data

The Hacker News - 3 May, 2024 - 12:42
SaaS applications are dominating the corporate landscape. Their increased use enables organizations to push the boundaries of technology and business. At the same time, these applications also pose a new security risk that security leaders need to address, since the existing security stack does not enable complete control or comprehensive monitoring of their usage.
Category: Hacking & Security

NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources

The Hacker News - 3 May, 2024 - 11:37
The U.S. government on Thursday published a new cybersecurity advisory warning of North Korean threat actors' attempts to send emails in a manner that makes them appear like they are from legitimate and trusted parties. The joint bulletin was published by the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Department of State. "The
Category: Hacking & Security

Google Announces Passkeys Adopted by Over 400 Million Accounts

The Hacker News - 3 May, 2024 - 08:40
Google on Thursday announced that passkeys are being used by over 400 million Google accounts, authenticating users more than 1 billion times over the past two years. "Passkeys are easy to use and phishing resistant, only relying on a fingerprint, face scan or a pin making them 50% faster than passwords," Heather Adkins, vice president of security engineering at Google, said.
Category: Hacking & Security

Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks

The Hacker News - 3 May, 2024 - 06:50
HPE Aruba Networking (formerly Aruba Networks) has released security updates to address critical flaws impacting ArubaOS that could result in remote code execution (RCE) on affected systems. Of the 10 security defects, four are rated critical in severity - CVE-2024-26304 (CVSS score: 9.8) - Unauthenticated Buffer Overflow Vulnerability in the L2/L3 Management Service Accessed via
Category: Hacking & Security

Apple confirms it will open up the iPad in Europe this fall

Computerworld.com [Hacking News] - 2 May, 2024 - 19:26

In the latest set of tweaks to bring itself into compliance with a new European Union law, Apple has confirmed significant changes to the deal originally offered to developers in the EU. Not only will it open up the iPad in the same way as it is opening up the iPhone in Europe, but it is making significant changes to its Core Technology Fee that should benefit smaller developers.

Europe’s iPads will be opened up this fall

iPadOS will be opened up in Europe starting this fall, the company said in a statement on its developer website. “This week, the European Commission designated iPadOS a gatekeeper platform under the Digital Markets Act,” Apple said. “Apple will bring our recent iOS changes for apps in the European Union (EU) to iPadOS later this fall, as required. Developers can choose to adopt the Alternative Business Terms for Apps in the EU that will include these additional capabilities and options on iPadOS or stay on Apple’s existing terms.”

Of course, once developers do choose to adopt Apple’s alternative terms, they can become liable to pay the company a Core Technology Fee (CTF). 

Improvement to the CTF

The fee is designed to compensate Apple for the value it provides developers in terms of tools, tech, and services. There is good news for developers here in that Apple won’t double charge for this, which means users who install the same app on both iOS and iPadOS within a 12-month period will only generate one first annual install for that app. 

While company critics continue to castigate this so-called “Apple Tax”, the company points out that under current data over 99% of developers in the EU will not be liable to any kind of CTF fee. Which rather implies that the 1% of developers who do pay the fee are able to make the most noise because they can afford the best marketing.

But let’s not dwell on that. Instead, let’s look at two additional changes the company has made to its approach. The first change is quite significant. 

Helping sudden success

When Apple’s teams appeared in front of what seemed to be an EU kangaroo court to explain how it was approaching the DMA, one question from one developer rang true. That person spoke about how an app they made had become hugely successful overnight and explained that under Apple’s originally proposed CTF deal he would have been bankrupted by the fees at that time. Apple responded pretty quickly with a range of tweaks.

At first, it introduced a new loophole developers in that situation could use to return to the original terms of business, which I saw as a kind of lifeboat. Today, it introduced a new tweak I think serves to blunt the pain of unexpected success:

As of now, small developers generating under €10 million in global annual business revenue that adopt the alternative business terms receive a three-year free on-ramp to the CTF to help them create innovative apps and rapidly grow business.

What that means is that within those three years, if a developer who has not previously exceeded one million first annual installs crosses the threshold for the first time, they won’t pay the CTF — even if they continue to exceed one million first annual installs during that time. “If a small developer grows to earn global revenue between €10 million and €50 million within the 3-year on-ramp period, they’ll start to pay the CTF after one million first annual installs up to a cap of €1 million per year.”

This sounds incredibly complicated, but basically means that if you are a small developer and happen to introduce an app that generates millions of installs, you will not need to pay a fee until you scale your business so you can afford to do so.

No revenue? No fee

Obviously, this doesn’t apply to those wealthy developers whose business has already scaled in that way — rightly, they still need to shoulder the burden to help nurture new dev talent. The one big caveat is that the developer must declare their revenue before their first app surpasses one million first annual installs in order to receive these benefits. Leave it too late and you’ll have missed the chance.

The other improvement is that developers who create free apps won’t suddenly be bankrupted because millions download the app. Apple explains:

“No CTF is required if a developer has no revenue whatsoever. This includes creating a free app without monetization that is not related to revenue of any kind (physical, digital, advertising, or otherwise). This condition is intended to give students, hobbyists, and other non-commercial developers an opportunity to create a popular app without paying the CTF.”

It is also important to point out something else. Only developers who achieve over one million first annual installs per year in the EU need to pay Apple’s Core Technology Fee. Not only that, but non-profit organizations, government entities, and educational institutions approved for a fee waiver don’t pay it at all.

While Apple’s well-resourced critics will continue to attack the company’s approach, it’s hard to avoid the feeling that the company is making it crystal clear that it is not now (and probably never was) the small developers who propped up App Store profits, but the large developers now making the loudest complaints.

And that seems to me to be food for thought. I doubt those larger entities have any plans to give their apps away for free. Why should Apple be made to do so?

Category: Hacking & Security

Udacity offers laid-off US workers free access to its courses for 30 days

Computerworld.com [Hacking News] - 2 May, 2024 - 17:44

Citing the surge in layoffs nationwide, particularly within the IT workforce, online technology learning platform Udacity is offering a free trial to access its entire catalogue of courses for the next 30 days. The courses include certifications in skills such as programming, data science, artificial intelligence, and digital marketing.

“Layoffs have affected hundreds of thousands of people in the United States in the past year,”  Udacity COO Victoria Papalian wrote in a blog post. “Unfortunately, the unsettling trend continues. According to the Challenger Report, US job cuts in March 2024 were the highest since January 2023, up 7% over February.”

Udacity, which was founded as the outgrowth of free computer science classes offered in 2011 through Stanford University, said its free courses are part of its “Nanodegree” credential program. They’re available to anyone laid off over the past year.

In its announcement, the company placed a particular emphasis on highly desired industry skills, such as generative artificial intelligence (genAI). According to a recent study led by the Oxford Internet Institute, “AI skills are particularly valuable as they have high levels of skill complementarity, increasing worker wages by 21% on average,” the company said in a statement.

“To capitalize on the [genAI] opportunity — for business as well as individual benefit — learning about various genAI techniques is not sufficient; professionals must be inspired by the many use cases for genAI in the business, and must gain experience in putting that knowledge into practice within organizational contexts,” Papalian said.

Online instructors include educators from various tech companies, such as Advocate Networks, Cape Analytics, DeepMind, LanceDB, Meta, NVIDIA,  SoFi, and UC Berkeley, as well as Udacity’s own instructors. The topics covered include AI, data science, analytics, project management, digital marketing, cloud computing, web development, and mobile development, as well as genAI for business leaders.

Students studying genAI will also have the opportunity to complete projects modeled on real-world tasks and challenges in professional contexts.

The free courses are available for all levels of IT experience and take about 4 weeks to complete at an average of 10 hours a week. These are examples of some of the courses being offered:

  • Introduction to Python (Beginner)
  • Introduction to SQL (Beginner)
  • Digital Project Management (Beginner)
  • Generative AI Fundamentals (Intermediate)
  • Intro to Data Science (Advanced)

Students who can spend 20 hours a week learning can complete the following courses in 60 days:

  • Business Analytics Nanodegree program (Beginner)
  • AI Programming with Python Nanodegree program (Beginner)
  • Programming for Data Science with Python Nanodegree program (Beginner)
  • AI for Business Leaders Nanodegree program (Intermediate)
  • AWS Cloud Architect Nanodegree program (Advanced)

By spending 40 hours a week, the following Nanodegree programs that typically take four months to complete can be finished in a month:

  • Introduction to Programming Nanodegree program (Beginner)
  • Digital Marketing Nanodegree program (Intermediate)
  • Generative AI Nanodegree program (Intermediate)
  • AI for Trading Nanodegree program (Advanced)
  • Data Scientist Nanodegree program (Advanced)

Udacity students will also have the opportunity to receive feedback on their projects from mentors. The program, including all of Udacity’s tech projects, is now available to All Access subscribers.

“The experience of being laid off is stressful to say the least. And the subsequent job hunt is often no less stressful,” Papalian said. “Knowledge and training are critical to capturing the opportunities.”

Category: Hacking & Security

Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw

The Hacker News - 2 May, 2024 - 16:22
Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability codenamed the Dirty Stream attack that could be exploited by a malicious app to overwrite arbitrary files in the vulnerable app's home directory. "The implications of this vulnerability pattern include arbitrary code execution and token theft,
Category: Hacking & Security
