We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

NewApp Digest
search bot

Mastodon

Zero Day Initiative — CVE-2024-43639: Remote Code Execution in Microsoft Windows KDC Proxy
Winsage
March 5, 2025

Zero Day Initiative — CVE-2024-43639: Remote Code Execution in Microsoft Windows KDC Proxy

Integer overflows and memory corruption errors have been identified during the encoding of the kerb-message OCTET STRING field in the KDC Proxy. The ASN1encoder.buf is allocated a buffer of size 1,024, while ASN1encoder.current points to ASN1_encoder.buf + 4. The KDC Proxy accepts Kerberos responses with a maximum size of 4,294,967,295. When a Kerberos response is sent with a length from 4,294,967,291 to 4,294,967,295, an overflow occurs due to the addition being stored in a 4-byte unsigned variable, leading to a heap buffer overflow when ASN1BEREncCharString() calls memcpy(). Similarly, for responses with lengths between 4,294,966,267 and 4,294,967,290, an overflow occurs during reallocation, causing an out-of-bounds write or heap buffer overflow. An edge case arises when passing 0 as the new size to LocalReAlloc(), leading to an access violation. A remote, unauthenticated attacker could exploit this vulnerability for arbitrary code execution. Detection involves monitoring traffic on UDP port 389 and TCP port 88, focusing on Kerberos responses. If a response exceeds 0x80000000 bytes, it should be flagged as suspicious. The vulnerability was patched in November, and only KDC servers are at risk; domain controllers are unaffected. Immediate patching of all instances of the KPSSVC server is recommended.
Elon Musk's X blocking links to Signal messaging app
AppWizard
February 18, 2025

Elon Musk’s X blocking links to Signal messaging app

Social media platform X has implemented restrictions on links to the Signal messaging application, resulting in error messages when users attempt to share signal.me links through public posts, direct messages, or profile pages. This blockage also affects existing signal.me links. Signal, known for its end-to-end encryption, is commonly used by journalists and whistleblowers. X has previously restricted links to Facebook, Instagram, Mastodon, and Substack, despite Signal not being a direct competitor. Users can still share Signal handles on X, and a workaround exists by copy-pasting the link into Signal to bypass the restrictions.
Powerbeats Pro 2 hands-on review, Android Apple TV app launches
AppWizard
February 13, 2025

Powerbeats Pro 2 hands-on review, Android Apple TV app launches

- The Apple TV app is set to arrive on Android devices, expanding Apple's streaming service accessibility. - Apple has partnered with Alibaba to advance artificial intelligence initiatives in China. - Apple has introduced a feature allowing users to merge their Apple Accounts for a streamlined experience. - The new Powerbeats Pro includes heart rate monitoring capabilities, appealing to fitness enthusiasts. - Announce Notifications in CarPlay aims to improve driver safety by allowing notifications without distraction. - The Sports app has added NASCAR coverage to enhance its sports content offerings. - The UK government has taken a controversial stance on encryption, raising privacy and security concerns.
Clapper Media Player Adds New Features, Official Windows Build
Winsage
February 12, 2025

Clapper Media Player Adds New Features, Official Windows Build

Clapper 0.8.0 introduces a libpeas-based plugin system, enhancing its media playback capabilities for other applications. Key features include an exit fullscreen keyboard shortcut (esc), a "New Window" menu item, an option to clear the playback queue, and a middle-click functionality for resizing the app window to the media aspect ratio. This version also officially supports Microsoft Windows, with the installer available on the Clapper GitHub releases page. Users can download Clapper from Flathub or build it from source, requiring GNOME 47 and associated media runtimes. An older version is available for Ubuntu users as a DEB package or unofficial snap.
Essential apps for hardcore Android users [Video]
AppWizard
December 26, 2024

Essential apps for hardcore Android users [Video]

Seal is a minimalist downloader app for Android that allows users to download videos from platforms like TikTok, YouTube, and Instagram in various formats and qualities. Zerocam is a camera replacement app that focuses on a natural photographic experience without excessive image processing, offering a free version with a limit of five photos per day and a subscription for additional features. Openvibe aggregates multiple social media platforms into one app, allowing users to post to Bluesky, Threads, Nostr, and Mastodon simultaneously. Twine is an RSS app that consolidates favorite feeds into one location and allows users to import collections via OPML files. AI Screenshot Finder helps users search and categorize their screenshots, processing data locally while leveraging cloud AI systems. Crate organizes links, recipes, and videos into custom sections and uses AI to assist in finding saved content. Sponge gamifies file management, allowing users to swipe to delete or tag files, organized by the month they were saved. Tooly is a versatile toolbox app that includes various tools for unit conversions and text formatting.
Malware infiltrates Pidgin messenger’s official plugin repository
AppWizard
September 4, 2024

Malware infiltrates Pidgin messenger’s official plugin repository

The Pidgin messaging app has removed the ScreenShareOTR plugin from its official third-party plugin list due to reports of its misuse, which included keyloggers and malware. The plugin was added to the list on July 6, 2024, and was reported to be malicious by a user on August 16. Security researcher Johnny Xmas confirmed the presence of a keylogger by August 22. The malicious plugin was signed with a valid certificate from INTERREX – SP. Z O.O., and it could download additional malware, including DarkGate, affecting both Windows and Linux versions of Pidgin. Pidgin's maintainer stated that the organization does not track plugin installations. In response to the incident, Pidgin will now only accept plugins with an OSI Approved Open Source License to enhance security scrutiny. Users are advised to uninstall the compromised plugin and scan their systems for threats.
Linux Scores A Surprising Gaming Victory Against Windows 11
Winsage
August 22, 2024

Linux Scores A Surprising Gaming Victory Against Windows 11

The Framework 13 laptop, equipped with an AMD Ryzen 7 7840U processor and Radeon 780M graphics, was tested for gaming performance on Windows 11 and Fedora 40. Both operating systems were set to "Performance" mode, and results were recorded from the second run of each benchmark to avoid thermal throttling. In the game "Shadow of the Tomb Raider," Fedora 40 achieved a 7% higher average framerate compared to Windows. For "Total War: Warhammer III," Windows had a slight performance lead, while in "Cyberpunk 2077," Fedora 40 outperformed Windows by 3% without FSR scaling and by 7% with FSR, also showing a 24% increase in minimum framerate when settings were adjusted from Low to Medium. In "Forza Horizon 5," Windows led by 7%, but the performance gap has narrowed significantly compared to previous years.
This app makes your music sound way better when you lower the volume [Giveaway]
AppWizard
August 1, 2024

This app makes your music sound way better when you lower the volume [Giveaway]

Wavelet, an equalizer app for Android, has introduced a new equal loudness feature that maintains consistent volume levels across all frequencies, improving audio playback, especially at lower volumes. This feature is based on the ISO 226 standards and the Fletcher-Munson curves, which explain how humans perceive sound at different frequencies. The upcoming version 24.05 allows users to toggle the equal loudness mode, adjusting the volume threshold for optimal performance. Users have reported enhanced listening experiences, particularly with bass clarity. Additionally, Wavelet offers various audio tuning tools, and the developer is hosting a giveaway of 100 promo codes for the pro version of the app.
Search