-
Bug in macOS, Gatekeeper’s security can be bypassed by malware.
The macOS operating system was recently patched for a security vulnerability that could be exploited by a threat actor to bypass “myriad foundational macOS security mechanisms” and run arbitrary code. Patrick Wardle described the discovery in a series of tweets on Thursday. According to CVE-2021-30853 (CVSS 5.5), the issue involves a scenario where a rogue…
-
Bugs in Active Directory could allow hackers to take over Windows domain controllers.
Following the availability of a proof-of-concept (POC) tool on December 12, Microsoft is urging customers to patch two security vulnerabilities in Active Directory domain controllers that it addressed in November. The two vulnerabilities are identified as CVE-2021-42278 and CVE-2021-42287. They both affect Active Directory Domain Services (AD DS) and have a severity rating of 7.5.…
-
Chinese government suspends the Alibaba deal because it did not share the 0-day of Log4j with the government.
The Ministry of Industry and Information Technology (MIIT) of China temporarily suspended a partnership with Alibaba Cloud, the cloud computing subsidiary of the world’s largest e-commerce company, for six months after the company failed to promptly notify the government about a critical security vulnerability affecting the widely used Log4j logging library. Reports from 21st Century…