Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31650PUBLISHED: 2022-05-25In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
CVE-2022-31651PUBLISHED: 2022-05-25In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.
CVE-2022-29256PUBLISHED: 2022-05-25
sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at `npm install` time when installing versions of `sharp` prior to the latest v0.30.5. If an attacker has the ability to set the value of the `PKG_CONFIG_PATH` e...
CVE-2022-26067PUBLISHED: 2022-05-25
An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnera...
CVE-2022-26077PUBLISHED: 2022-05-25
A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff networ...
User Rank: Apprentice
8/12/2019 | 2:04:18 PM
Liveness detection (liveness.com) is key to actual authentication because is assess, literally, dozens of unique human attributes to determine that *together* they add up to a real human. If the liveness test isn't passed first, there is no need to match images. This prevents things like detailed masks, 4K video, etc. from standing in for the real person.
In addition, the data acquisition method for recognition is based on 2D images. In true authentication, 3D images provide far more signal to work with. This is why Face ID, even though it has no liveness detection, works better most of the time than the legacy algorithms that have powered recognition for, literally, decades. It has more to work with to make a more accurate match. But, as was seen (just look it up on YouTube), it's easy to spoof. And Apple will *never* subject it's tech to a transparent test, so we only have social proof to work with.
This is old news.