fbpx
Friday, March 29, 2024
Apple releases patch for iPhone and iPad 0-day reported by anonymous source

Apple releases patch for iPhone and iPad 0-day reported by anonymous...

0
Apple on Monday patched a high-severity zero-day vulnerability that gives attackers the ability to remotely execute malicious code that runs with the highest privileges inside the operating system kernel of fully up-to-date iPhones and iPads. In an advisory, Apple said that CVE-2022-42827, as the vulnerability is tracked, “may have been actively exploited,” using a phrase…
High-severity Microsoft Exchange 0-day under attack threatens 220,000 servers

High-severity Microsoft Exchange 0-day under attack threatens 220,000 servers

0
Microsoft late Thursday confirmed the existence of two critical vulnerabilities in its Exchange application that have already compromised multiple servers and pose a serious risk to an estimated 220,000 more around the world. The currently unpatched security flaws have been under active exploit since early August, when Vietnam-based security firm GTSC discovered customer networks had…
Chrome patches high-severity 0-day, its 6th this year

Chrome patches high-severity 0-day, its 6th this year

0
Getty Images | NurPhoto Google engineers have issued an emergency update for the Chrome browser to fix a high-severity vulnerability that can be exploited with code that’s already available in the wild. The vulnerability, which Google disclosed on Friday, is the result of “insufficient data validation in Mojo,” a Chrome component for messaging across inter-…
Zero-day used to infect Chrome users could pose threat to Edge and Safari users, too

Zero-day used to infect Chrome users could pose threat to Edge...

A secretive seller of cyberattack software recently exploited a previously unknown Chrome vulnerability and two other zero-days in campaigns that covertly infected journalists and other targets with sophisticated spyware, security researchers said. CVE-2022-2294, as the vulnerability is tracked, stems from memory corruption flaws in Web Real-Time Communications, an open source project that provides JavaScript programming…
Hackers are exploiting a critical zeroday in devices from SonicWall

Hackers are exploiting a critical zeroday in devices from SonicWall

0
Network security provider SonicWall said on Monday that hackers are exploiting a critical zeroday vulnerability in one of the devices it sells. The security flaw resides in the Secure Mobile Access 100 series, SonicWall said in an advisory updated on Monday. The vulnerability, which affects SMA 100 firmware versions 10.x, isn’t slated to receive a…
Google fixes two more Chrome zero-days that were under active exploit

Google fixes two more Chrome zero-days that were under active exploit

0
Google has patched two zero-day vulnerabilities in its Chrome browser, the third time in two weeks that the company has fixed a Chrome security flaw that’s under active exploit. According to a Monday tweet from Ben Hawkes, the head of Google’s Project Zero vulnerability and exploit research arm, CVE-2020-16009, as the first vulnerability is tracked,…
That no-click iOS 0-day reported to be under exploit doesn’t exist, Apple says

That no-click iOS 0-day reported to be under exploit doesn’t exist,...

0
Apple is disputing the accuracy of this week’s report that found attackers have been exploiting an unpatched iOS bug that allowed them to take full control of iPhones. San Francisco-based security firm ZecOps said on Wednesday that attackers had used the zero-day exploit against at least six targets over a span of at least two…
Powerful Firefox 0-day utilized to set up unnoticed backdoors on Macs

Powerful Firefox 0-day utilized to set up unnoticed backdoors on Macs

0
Enlarge / The fox animoji. Hackers exploited a pair of potent zero-day vulnerabilities in Firefox to infect Mac users with a largely undetected backdoor, according to accounts pieced together from multiple people. Mozilla released an update on Tuesday that fixed a code-execution vulnerability in a JavaScript programming method known as Array.pop. On Thursday, Mozilla issued…
Serial publisher of Windows 0-days drops exploits for 3 more unfixed defects

Serial publisher of Windows 0-days drops exploits for 3 more unfixed...

0
A serial publisher of Microsoft zeroday vulnerabilities has dropped exploit code for three more unpatched flaws, marking the seventh time the unknown person has done so in the past year. Technical details of the vulnerabilities, along with working proof-of-concept exploits, are the work of someone using the moniker SandBoxEscaper. A local privilege-escalation vulnerability in the…
A security scientist with an animosity is dropping Web 0days on innocent users

A security scientist with an animosity is dropping Web 0days on...

0
Over the past three weeks, a trio of critical zeroday vulnerabilities in WordPress plugins has exposed 160,000 websites to attacks that allow criminal hackers to redirect unwitting visitors to malicious destinations. A self-proclaimed security provider who publicly disclosed the flaws before patches were available played a key role in the debacle, although delays by plugin…

Recent Posts