PT-2026-4690

In multiple locations, there is a possible way to reset user-selected permissions selections due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-4708

In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems

Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system OS commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum...

Google Discloses Unpatched 'High-Severity' Flaw in Apple macOS Kernel

Cybersecurity researcher at Google's Project Zero division has publicly disclosed details and proof-of-concept exploit of a high-severity security vulnerability in macOS operating system after Apple failed to release a patch within 90 days of being notified. Discovered by Project Zero researcher...

Google Makes 2 Years of Android Security Updates Mandatory for Device Makers

When it comes to security updates, Android is a real mess. Even after Google timely rolls out security patches for its Android platform, a major part of the Android ecosystem remains exposed to hackers because device manufacturers do not deliver patches regularly and on a timely basis to their...

Windows SMB Zero-Day Exploit Released in the Wild after Microsoft delayed the Patch

Last weekend a security researcher publically disclosed a zero-day vulnerability in Windows 10, Windows 8.1 and Server editions after Microsoft failed to patch it in the past three months. The zero-day memory corruption flaw resides in the implementation of the SMB server message block network fi...

Google and double 叒 叕 exposure Windows 0day vulnerabilities, Microsoft is not happy-vulnerability warning-the black bar safety net

Google recently again exposed the Windows 0day vulnerabilities, that the vulnerability can affect all current Windows operating systems, and Microsoft hasn't had time to fix. ! According to the Google team released a blog post that the vulnerability is a local mention the right vulnerability, it...

Microsoft Working on Patch for IE 8 Zero Day

UPDATE–Microsoft officials say they’re well aware of the Internet Explorer 8 zero day disclosed Wednesday by the Zero Day Initiative and have been working on a fix for it. However, there’s no stated timeline for releasing that patch. The vulnerability in IE 8 is a use-after-free bug in the way th...

Microsoft Won't Patch TIFF Zero Day on Patch Tuesday

A patch for the Windows zero-day disclosed this week will not be ready in time for next week’s monthly Patch Tuesday release, Microsoft said today. The vulnerability in several Windows and Office versions is being exploited in targeted attacks against Windows XP systems running Office 2007. The...

Adobe Defends PDF Patch Delays

Adobe chose to wait until mid-January to patch a critical PDF bug because issuing an emergency update would have disrupted its quarterly security update schedule, the company said today. Read the full article. Computerworld...