Apple Security Advisory 2021-04-26-5 – watchOS 7.4 addresses buffer overflow, bypass, code execution, cross site scripting, denial of service, double free, heap corruption, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2021-04-26-7
Apple Security Advisory 2021-04-26-7 – Safari 14.1 addresses cross site scripting and use-after-free vulnerabilities.
Apple Security Advisory 2021-04-26-8
Apple Security Advisory 2021-04-26-8 – iCloud for Windows 12.3 addresses cross site scripting and use-after-free vulnerabilities.
Apple Security Advisory 2021-04-26-9
Apple Security Advisory 2021-04-26-9 – iTunes 12.11.3 for Windows addresses cross site scripting and use-after-free vulnerabilities.
Apple Security Advisory 2021-04-26-10
Apple Security Advisory 2021-04-26-10 – Xcode 12.5 addresses an arbitrary code execution vulnerability.
Trojan-Dropper.Win32.Dycler.vrp Insecure Permissions
Trojan-Dropper.Win32.Dycler.vrp malware suffers from an insecure permissions vulnerability.
Trojan-Dropper.Win32.Injector.aobl Insecure Permissions
Trojan-Dropper.Win32.Injector.aobl malware suffers from an insecure permissions vulnerability.
Kirby CMS 3.5.3.1 Cross Site Scripting
Kirby CMS version 3.5.3.1 suffers from a cross site scripting vulnerability.
Backdoor.Win32.Agent.afq Missing Authentication
Backdoor.Win32.Agent.afq malware suffers from a missing authentication vulnerability.
GitHub Missing Audit Logging
Release functionality on GitHub.com allows modification of assets within a release by any project collaborator. This can occur after the release is published, and without notification or audit logging accessible in the UI to either the project owners or the public.