Aggregator

A vulnerability classified as critical has been found in Apple tvOS. This affects an unknown function of the component Web Handler. Performing a manipulation results in memory corruption. This vulnerability is identified as CVE-2024-54534. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apple visionOS. This impacts an unknown function of the component Web Handler. Executing a manipulation can lead to memory corruption. This vulnerability is tracked as CVE-2024-54534. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Apple macOS. Affected is an unknown function of the component Web Handler. The manipulation leads to memory corruption. This vulnerability is listed as CVE-2024-54534. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple watchOS. Affected by this vulnerability is an unknown functionality of the component Web Handler. The manipulation results in memory corruption. This vulnerability is cataloged as CVE-2024-54534. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability has been found in Apple iOS and iPadOS and classified as critical. Affected by this issue is some unknown functionality of the component Web Handler. This manipulation causes memory corruption. This vulnerability is registered as CVE-2024-54534. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability was found in Apple Safari and classified as critical. This affects an unknown part of the component Web Handler. Such manipulation leads to memory corruption. This vulnerability is documented as CVE-2024-54534. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Apple macOS up to 13.6/14.6/15.1. It has been declared as critical. Impacted is an unknown function. The manipulation results in Local Privilege Escalation. This vulnerability is cataloged as CVE-2024-54529. The attack must be initiated from a local position. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS up to 13.6/14.6/15.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component File Handler. Executing a manipulation can lead to improper access controls. This vulnerability is tracked as CVE-2024-54528. The attack is restricted to local execution. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS and classified as problematic. Affected by this issue is some unknown functionality. Executing a manipulation can lead to denial of service. This vulnerability appears as CVE-2024-54538. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability was found in Apple visionOS. It has been classified as problematic. This affects an unknown part. The manipulation leads to denial of service. This vulnerability is traded as CVE-2024-54538. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Apple iOS and iPadOS. It has been declared as problematic. This vulnerability affects unknown code. The manipulation results in denial of service. This vulnerability is known as CVE-2024-54538. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple tvOS. It has been rated as problematic. This issue affects some unknown processing. This manipulation causes denial of service. This vulnerability is handled as CVE-2024-54538. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability categorized as problematic has been discovered in Apple watchOS. Impacted is an unknown function. Such manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2024-54538. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内。首先，我得仔细阅读文章，理解主要内容。 文章主要讲的是OpenAI的Codex服务。萨姆·奥尔特曼宣布，当周活跃用户每增加100万时，就会重置一次额度。但只有付费用户才能享受这一福利。免费用户的额度依然很低。 接下来，我需要提取关键点：Codex重置额度的条件、仅限付费用户、免费用户的限制、以及拼车订阅价格的变化。 然后，我要把这些信息浓缩成一句话，不超过100字。确保涵盖主要信息：宣布重置、条件、付费用户专享、免费用户的限制和订阅价格变化。 最后，检查语言是否简洁明了，没有冗余信息。 OpenAI CEO萨姆·奥尔特曼宣布Codex将根据周活跃用户数每新增百万重置一次额度，但仅限付费用户。免费账户仍维持较低额度。

BLE 蓝牙协议：对智能设备的BLE抓包实战 (HCI + 空口)

Currently trending CVE - Hype Score: 2 - A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.

好，我现在要帮用户总结一篇文章，控制在100字以内。首先，我需要仔细阅读用户提供的文章内容。看起来文章主要讲的是当前环境异常，用户需要完成验证才能继续访问。文章中提到“环境异常”和“完成验证后即可继续访问”，还有“去验证”的按钮。 接下来，我要理解用户的需求。用户希望用中文总结，而且不需要特定的开头，直接写描述即可。所以，我应该简洁明了地表达出文章的核心信息：环境异常导致访问受限，需完成验证才能继续。 然后，我需要考虑如何在100字以内准确传达这个信息。可能的表达方式包括说明环境问题、验证的必要性以及后续操作。例如：“当前环境异常，需完成验证后才能继续访问。” 最后，检查一下是否符合要求：字数控制在100字以内，没有使用特定的开头语句，并且准确传达了文章内容。 当前环境异常，需完成验证后才能继续访问。

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

HackerNews 编译，转载请注明出处： 俄罗斯全国银行应用和支付系统发生大规模故障，导致客户数小时内无法刷卡支付、提取现金或使用移动银行服务。据The Record Media报道，该事件影响包括Sberbank、VTB、Alfa-Bank、T-Bank和Gazprombank在内的主要银行，波及莫斯科等多个地区。 俄罗斯网站CNews报道：”VTB、Sberbank、T-Bank和Alfa-Bank的合计客户群达全国数千万人。显然，故障规模巨大，影响俄罗斯大部分地区。投诉数以千计。例如，仅一小时内就有超过3300起关于Sberbank故障的投诉。过去12小时内，35%的投诉来自莫斯科，圣彼得堡和斯维尔德洛夫斯克地区各占8%，新西伯利亚和车里雅宾斯克地区分别为7%和5%。” 媒体报道称，此次故障发生在俄罗斯收紧互联网控制、限制应用并打击VPN使用之际。 《基辅独立报》报道：”4月3日，根据在线追踪数据和客户报告，俄罗斯主要银行面临电子服务大规模中断。此次故障发生在俄罗斯政府日益收紧国内互联网访问控制之际，对流行应用施加限制并寻求遏制虚拟专用网络（VPN）的使用。” 4月3日的临时故障影响Sberbank并蔓延至其他主要银行，包括VTB Bank和T-Bank。从莫斯科时间上午10点左右开始，客户面临移动应用、转账和ATM取款问题，迫使许多商家仅接受现金，并在各城市造成长队。 俄罗斯国家支付卡系统表示，中断源于一家银行的技术故障，未影响资金。《生意人报》报道将其与Sberbank故障关联，可能在限制VPN计划后不久因VPN使用而恶化。 《基辅独立报》继续报道：”此次大规模故障发生在俄罗斯数字发展部长Maksut Shadayev于3月30日表示政府将努力’减少VPN使用’后不到一周——VPN是俄罗斯公民绕过网络审查的少数剩余方式之一。据报道，Shadayev在普京总统下令后，要求电信运营商和数字平台对使用VPN服务的用户收费并封禁。” 当地安全专家推测，封禁VPN可能导致4月3日的银行故障，在接受《生意人报》采访时将其描述为可能的”误伤”。自乌克兰战争爆发以来，俄罗斯当局稳步收紧网络审查，近月来限制加速。3月初，克里姆林宫引入白名单系统，在移动互联网中断期间仅允许访问选定的、多为亲政府网站。互联网关闭变得更加频繁，官方理由为针对乌克兰无人机攻击的安全措施。 The Record Media还报道，故障还影响公共交通，莫斯科地铁和郊区火车转门无法刷卡，迫使工作人员让乘客免费通过以避免拥挤。 截至周一，许多网站上的相关报道已基本消失。独立媒体称，俄罗斯互联网监管机构Roskomnadzor已下令各平台删除将银行故障与其VPN封禁努力关联的内容。 消息来源：securityaffairs.com； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文