17 matches found
WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities
Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address dozens of flaws, including three new zero-days that it said are being actively exploited in the wild. The three security shortcomings are listed below - CVE-2023-32409 - A...
Fortinet Warns of Active Exploitation of New SSL-VPN Pre-auth RCE Vulnerability
Fortinet on Monday issued emergency patches for a severe security flaw affecting its FortiOS SSL-VPN product that it said is being actively exploited in the wild. Tracked as CVE-2022-42475 CVSS score: 9.3, the critical bug relates to a heap-based buffer overflow vulnerability that could allow an...
Apple Issues Patches for 2 Actively Exploited Zero-Days in iPhone, iPad and Mac Devices
Apple on Thursday rolled out emergency patches to address two zero-day flaws in its mobile and desktop operating systems that it said may have been exploited in the wild. The shortcomings have been fixed as part of updates to iOS and iPadOS 15.4.1, macOS Monterey 12.3.1, tvOS 15.4.1, and watchOS...
How to Buy Precious Patching Time as Log4j Exploits Fly
Sure, Apache got a patch out fast when the Log4j logging library vulnerability – aka Javageddon or “up there with Shellshock” – exploded last week. But emergency patches take days best-case scenario or weeks to install: plenty of time for attackers to do their worst. Which they lickety-split did,...
This Week in Security News - September 17, 2021
2021 Midyear Cybersecurity Report and Apple emergency patches fix zero-click iMessage bug used to inject NSO spyware...
Microsoft Releases Emergency Patches for IE 0-Day and Windows Defender Flaw
It's not a Patch Tuesday, but Microsoft is rolling out emergency out-of-band security patches for two new vulnerabilities, one of which is a critical Internet Explorer zero-day that cyber criminals are actively exploiting in the wild. Discovered by Clément Lecigne of Google's Threat Analysis Grou...
Microsoft Releases Emergency Patches for IE 0-Day and Windows Defender Flaw
It's not a Patch Tuesday, but Microsoft is rolling out emergency out-of-band security patches for two new vulnerabilities, one of which is a critical Internet Explorer zero-day that cyber criminals are actively exploiting in the wild. Discovered by Clément Lecigne of Google's Threat Analysis Grou...
Cisco Warns of Critical Flaws in Data Center Network Manager
Cisco Systems has released emergency patches for two critical vulnerabilities in its Data Center Network Manager, which could allow attackers to take control of impacted systems. The Data Center Network Manager DCNM is Cisco’s network management platform for switches running on its network...
Adobe Issues Emergency Patches for Two Critical Flaws in Acrobat and Reader
I hope you had biggest, happiest and craziest New Year celebration, but now it's time to come back at work and immediately update your systems to patch new security flaws that could exploit your computer just by opening a PDF file. Adobe has issued an out-of-band security update to patch two...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 4, 2018
It was a busy day yesterday, with Adobe issuing four emergency patches for their Flash Player, including one for a zero-day being actively exploited in the wild. Adobe has indicated that CVE-2018-5002 was discovered being used in limited, targeted attacks on Windows users in the wild. The attacks...
Microsoft Issues Updates for 96 Vulnerabilities You Need to Patch this Month
As part of June's Patch Tuesday, Microsoft has released security patches for a total of 96 security vulnerabilities across its products, including fixes for two vulnerabilities being actively exploited in the wild. This month's patch release also includes emergency patches for unsupported version...
Adobe Patches 29 Vulnerabilities in Flash Player
After a month free of Flash Player fixes and emergency patches, Adobe today resumed its monthly ritual of releasing a security update for the maligned software. Today’s update patched 29 issues, most of which enabled remote code execution attacks on the host system. Adobe also updated its Air SDK...
Java enabled browsers are highly vulnerable
Oracle has released emergency patches multiple of times in recent months for Java for one after another set of vulnerabilities. About 100 million computers reported to be vulnerable to unauthorized access via different flaw in Java software. Department of Homeland Security's US-CERT already warne...
Java enabled browsers are highly vulnerable
Oracle has released emergency patches multiple of times in recent months for Java for one after another set of vulnerabilities. About 100 million computers reported to be vulnerable to unauthorized access via different flaw in Java software. Department of Homeland Security's US-CERT already warne...
Oracle Patches Java Zero Day Vulnerability
Oracle delivered an unusual emergency patch to Java's critical Zero Day vulnerability on Sunday to fix a malicious bug that allowed hackers access to users web browsers. Exploits for the previously undisclosed flaw were being hosted in a number of exploit kits and attacks have already been seen i...
Adobe quarterly patch release should serve as an example
Adobe has become the third major software vendor to begin shipping its security updates on a regular schedule. Following the lead of Microsoft and Oracle, who have been releasing patches on a set schedule for many years, Adobe now will ship its patches once per quarter. It’s a move that’s overdue...
Buffer oveflow vulnerability in CDE DtSvc library
IBM SECURITY ADVISORY Mon Oct 29 09:15:39 CST 2001 =========================================================================== VULNERABILITY SUMMARY VULNERABILITY: Buffer oveflow vulnerability in CDE DtSvc library PLATFORMS: IBM AIX 4.3 and 5.1 SOLUTION: Apply the emergency-fixes described below...