Apple has patched two zero-day vulnerabilities exploited in targeted iPhone attacks. Affecting iOS, macOS, and more, the flaws allowed remote code execution and bypassed security protections. Apple urges all users to update immediately. The company confirmed the issues were used in a highly sophisticated attack on specific individuals.
A recent vulnerability discovery in FortiSwitch devices has raised concerns about Fortinet's commitment to secure software development. The vulnerability, CVE-2024-48887, allows an attacker to change the admin password without authentication. This raises questions about Fortinet's input validation and overall development lifecycle.
A recent security advisory from Fortinet has highlighted a vulnerability affecting multiple versions of FortiOS. Identified as CVE-2024-48887, it allows attackers to maintain persistent access to networks. Fortinet urges updating to the latest version, enabling 2FA, and resetting session IDs to mitigate risk.