This vulnerability exists in IOMobileFrameBuffer of Apple iOS and iPadOS due to memory corruption issues with inadequate memory handling. “A remote attacker with kernel privileges can exploit this vulnerability using a maliciously crafted application,” the agency explained.
Not updating to the latest software versions may allow attackers to gain elevated privileges on a targeted system.
Apple had also warned users that this issue may have been actively exploited.
Meanwhile, the new iOS 14.7.1 also fixes an issue where iPhone models with Touch ID cannot unlock a paired Apple Watch using the ‘Unlock with iPhone’ feature.
(With input from The Times of India)
Java News Roundup: Classfile API Draft, Spring Boot, GlassFish, Project Reactor, Micronaut – InfoQ.com
This week’s Java roundup for June 20th, 2022 features news from OpenJDK, JDK 19, JDK 20, Spring point releases, GlassFish 7.0.0-M6, GraalVM Native Build Tools 0.9.12, Micronaut 3.5.2, Quarkus 2.10.0, Project Reactor 2022.0.0-M3, Apache Camel Quarkus 2.10.0, and Apache Tika versions 2.4.1 and 1.28.4.
Brian Goetz, Java language architect at Oracle, recently updated JEP Draft 828039, Classfile API, to provide background information on how this draft will evolve and ultimately replace the Java bytecode manipulation and analysis framework, ASM, that Goetz characterizes as “an old codebase with plenty of legacy baggage.” This JEP proposes to provide an API for parsing, generating, and transforming Java class files. This JEP will initially serve as an internal replacement for ASM in the JDK with plans to have it opened as a public API.
Spring Boot 2.7.1 has been released featuring 66 bug fixes, improvements in documentation and dependency upgrades such as: Spring Framework 5.3.21, Spring Data 2021.2.1, Spring Security 5.7.2, Reactive Streams 1.0.4, Groovy 3.0.11, Hazelcast 5.1.2 and Kotlin Coroutines 1.6.3. More details on this release may be found in the release notes.
Spring Boot 2.6.9 has been released featuring 44 bug fixes, improvements in documentation and dependency upgrades similar to Spring Boot 2.7.1. Further details on this release may be found in the release notes.
VMware has published CVE-2022-22980, Spring Data MongoDB SpEL Expression Injection Vulnerability, a vulnerability in which a “Spring Data MongoDB application is vulnerable to SpEL Injection when using
@Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.” Spring Data MongoDB versions 3.4.1 and 3.3.5 have resolved this vulnerability.
Spring Data versions 2021.2.1 and 2021.1.5 have been released featuring upgrades to all of the Spring Data sub projects such as: Spring Data MongoDB, Spring Data Cassandra, Spring Data JDBC and Spring Data Commons. These releases will also be consumed by Spring Boot 2.7.1 and 2.6.9, respectively, and address the aforementioned CVE-2022-22980.
Spring Authorization Server 0.3.1 has been released featuring some enhancements and bug fixes. However, the team decided to downgrade from JDK 11 to JDK 8 to maintain compatibility and consistency with Spring Framework, Spring Security 5.x and Spring Boot 2.x. As a result, the HyperSQL (HSQLDB) dependency was also downgraded to version 2.5.2 because HSQLDB 2.6.0 and above require JDK 11. More details on this release may be found in the release notes.
Spring Security versions 5.7.2 and 5.6.6 have been released featuring bug fixes and dependency upgrades. Both versions share a new feature in which testing examples have been updated to use JUnit Jupiter, an integral part of JUnit 5. Further details on these releases may be found in the release notes for version 5.7.2 and version 5.6.6.
On the road to GlassFish 7.0.0, the sixth milestone release was made available by the Eclipse Foundation that delivers a number of changes related to passing the Technology Compatibility Kit (TCK) for the Jakarta Contexts and Dependency Injection 4.0 and Jakarta Concurrency 3.0 specifications. However, this milestone release has not yet passed the full Jakarta EE 10 TCK. GlassFish 7.0.0-M6, considered a beta release, compiles and runs on JDK 11 through JDK 18. More details on this release may be found in the release notes.
GraalVM Native Build Tools
On the road to version 1.0, Oracle Labs has released version 0.9.12 of Native Build Tools, a GraalVM project consisting of plugins for interoperability with GraalVM Native Image. This latest release provides: support documentation for Mockito and Byte Buddy; prevent builds from failing if no test list has been provided; support different agent modes in the
native-image Gradle plugin, a breaking change; and support for JVM Reachability Metadata in Maven. Further details on this release may be found in the release notes.
The Micronaut Foundation has released Micronaut 3.5.2 featuring bug fixes and point releases of the Micronaut Oracle Cloud 2.1.4, Micronaut Email 1.2.3, and Micronaut Spring 4.1.1 projects. Documentation for the
ApplicationContextConfigurer interface was also updated to include a recommendation on how to define a default Micronaut environment. More details on this release may be found in the release notes.
Red Hat has released Quarkus 2.10.0.Final featuring: preliminary work on virtual threads (JEP 425) from Project Loom; support non-blocking workloads in GraphQL extensions; a dependency upgrade to SmallRye Reactive Messaging 3.16.0; support for Kubernetes service binding for Reactive SQL Clients extensions; and a new contract
CacheKeyGenerator to allow for customizing generated cache keys from method parameters.
On the road to Project Reactor 2022.0.0, the third milestone release was made available featuring dependency upgrades to
reactor-addons 3.5.0-M3 and
Apache Camel Quarkus
Maintaining alignment with Quarkus, The Apache Software Foundation has released Camel Quarkus 2.10.0 containing Camel 3.17.0 and Quarkus 2.10.0.Final. New features include: new extensions, Azure Key Vault and DataSonnet; and removal of deprecated extensions in Camel 3.17.0. Further details on this release may be found in the list of issues.
The Apache Tika team has released version 2.4.1 of their metadata extraction toolkit. Formerly a subproject of Apache Lucene, this latest version ships with improved customization and configuration such as: add a
stop() method to the
TikaServerCli class so that it can be executed with Apache Commons Daemon; allow pass-through of
Content-Length header to metadata in the
TikaResource class; and support for users to expand system properties from the forking process into forked
Apache Tika 1.28.4 was also released featuring security fixes and dependency upgrades. More details in this release may be found in the changelog. The 1.x release train will reach end-of-life on September 30, 2022.
iQOO will debut the Dimensity 9000 Plus processor in the upcoming 10-series flagship smartphones – Notebookcheck.net
Stock market news live updates: Stock turn lower following last week's rebound – Yahoo Canada
7 Amazing Dark Sky National Parks – AARP
Emerging Markets Outlook: Investment is strong, but uncertainty remains – Logistics Management
Silver investment demand jumped 12% in 2019
Europe kicks off vaccination programs | All media content | DW | 27.12.2020 – Deutsche Welle
Global Media Markets, 2015-2020, 2020-2025F, 2030F – TV and Radio Broadcasting, Film and Music, Information Services, Web Content, Search Portals And Social Media, Print Media, & Cable – GlobeNewswire
News10 hours ago
Mamadou Konaté, still facing deportation
News12 hours ago
Living with Albinism in Africa
Tech7 hours ago
YouTuber tries to upgrade his old M1 MacBook Pro 13 to the brand-new Apple M2 processor – Notebookcheck.net
Art16 hours ago
Welcome to Drag: The performance art celebrating gender fluidity – Queen's Journal
Science11 hours ago
A Mystery Rocket Left A Crater On The Moon – Forbes
News16 hours ago
How Canada handled COVID-19 compared to other countries – CTV News
Science12 hours ago
A new planet hunter awakens: NIRPS instrument sees first light – News | Institute for Research on Exoplanets
Art16 hours ago
Modern Art and the Esteem Machine – The New Yorker