jeudi 23 février 2023 à 07:25
Cybersecurity researchers are warning of "imposter packages" mimicking popular libraries available on the Python Package Index (PyPI) repository.
The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib3. The names of the packages are as follows:
aio5, aio6, htps1, httiop, httops, httplat, httpscolor
mercredi 22 février 2023 à 13:56
Apple has revised the security advisories it released last month to include three new vulnerabilities impacting iOS, iPadOS, and macOS.
The first flaw is a race condition in the Crash Reporter component (CVE-2023-23520) that could enable a malicious actor to read arbitrary files as root. The iPhone maker said it addressed the issue with additional validation.
The two other vulnerabilities,