
553 matches found

ThreatPost
added 2017/03/28 2:38 p.m. | 12 views

Apple Fixes 223 Vulnerabilities Across macOS, iOS, Safari

Apple fixed hundreds of bugs, 223 to be exact, across a slate of products including macOS Sierra, iOS, Safari, watchOS, and tvOS on Monday. More than a quarter of the bugs, 40 in macOS Sierra, and 30 in iOS, could lead to arbitrary code execution – in some instances with root privileges, Apple...

9 AI score
Exploits 0 | References 14
myhack58
added 2017/03/24 12:0 a.m. | 32 views

LastPass password manager exposes another serious vulnerability; can browser-based password managers still be used? - Vulnerability warning - the black bar safety net

Before using password software, we easily forgot passwords; using password software, we "reluctantly" leak all of our passwords. LastPass, the popular password management software, has recently had security vulnerabilities exposed again. Security personnel found in LastPass Chrome and Firefox 4.1.42 versi...

0.3 AI score
Exploits 0
ThreatPost
added 2017/03/22 11:8 a.m. | 13 views

LastPass Fixes Three Password Theft Vulnerabilities

Engineers at LastPass fixed three different vulnerabilities in the password manager over the last 24 hours, all discovered by Google Project Zero researcher Tavis Ormandy, which could have allowed for the theft of passwords. One of the issues, a remote code execution vulnerability that could have...

8.5 AI score
Exploits 0 | References 17
myhack58
added 2017/03/21 12:0 a.m. | 312 views

CVE-2017-0037: IE11 & Edge Type Confusion, from the PoC to Half an Exploit - Vulnerability warning - the black bar safety net

Some time ago Google Project Zero (PJ0) disclosed a type confusion vulnerability in IE11 and Edge that leads to code execution. Microsoft has not released a patch for this vulnerability. I analyzed this vulnerability and, from the PoC, constructed half of an exploit; why is it half,...

7.6 CVSS | 6.8 AI score | 0.80386 EPSS
Exploits 9
0day.today
added 2017/03/15 12:0 a.m. | 61 views

Adobe Flash - Metadata Parsing Out-of-Bounds Read Exploit

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1005 The attached file causes an out-of-bounds read when its metadata is parsed Proof of Concept:...

10 CVSS | 8.7 AI score | 0.21308 EPSS
Exploits 3
0day.today
added 2017/03/15 12:0 a.m. | 64 views

Adobe Flash - MovieClip Attach init Object Use-After-Free Exploit

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1006 The attached file causes a use-after-free in attaching a MovieClip and applying the init object. Proof of Concept:...

10 CVSS | 0.2 AI score | 0.24779 EPSS
Exploits 3
ThreatPost
added 2017/03/14 3:26 p.m. | 99 views

Patch Tuesday Returns; Microsoft Quiet on Postponement

Patch Tuesday returned today as expected after last month’s postponement with a giant release of fixes that includes patches for vulnerabilities disclosed and exploited since the last set of updates in January. Microsoft, however, was relatively silent on the reasons why the February updates were...

9.3 CVSS | 9.1 AI score | 0.99945 EPSS
Exploits 45 | References 12
RedHat Linux
added 2017/03/14 6:3 a.m. | 85 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

10 CVSS | 7.1 AI score | 0.17484 EPSS
Exploits 8 | References 11
Tenable Nessus
added 2017/03/09 12:0 a.m. | 66 views

RHEL 5 / 6 : firefox (RHSA-2017:0459)

An update for firefox is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

10 CVSS | 8 AI score | 0.17484 EPSS
Exploits 8 | References 20
Tenable Nessus
added 2017/03/09 12:0 a.m. | 30 views

RHEL 7 : firefox (RHSA-2017:0461)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2017:0461 advisory. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.0 ESR. Security Fixes: Multiple flaws were found i...

10 CVSS | 8.2 AI score | 0.17484 EPSS
Exploits 8 | References 22
Tenable Nessus
added 2017/03/09 12:0 a.m. | 56 views

CentOS 7 : firefox (CESA-2017:0461)

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

10 CVSS | 8 AI score | 0.17484 EPSS
Exploits 8 | References 10
Tenable Nessus
added 2017/03/09 12:0 a.m. | 224 views

CentOS 5 / 6 : firefox (CESA-2017:0459)

An update for firefox is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

10 CVSS | 8 AI score | 0.17484 EPSS
Exploits 8 | References 11
RedHat Linux
added 2017/03/08 4:4 p.m. | 74 views

Critical: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

10 CVSS | 7.1 AI score | 0.17484 EPSS
Exploits 8 | References 11
RedHat Linux
added 2017/03/08 3:53 p.m. | 74 views

Critical: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

10 CVSS | 7.1 AI score | 0.17484 EPSS
Exploits 8 | References 11
ThreatPost
added 2017/03/02 11:25 a.m. | 7 views

Cloudbleed Triggered 1.2M Times, Damage Kept to Minimum

Having had more than a week to digest Cloudbleed’s causes and impact, Cloudflare CEO Matthew Prince assessed the damage yesterday in a lengthy post-mortem as relatively low. Prince said there is no evidence the vulnerability, which leaked customer data from memory, was exploited by attackers. The...

6.6 AI score
Exploits 0 | References 4
ThreatPost
added 2017/02/27 1:50 p.m. | 31 views

Google Discloses Another 'High Severity' Microsoft Bug

Google Project Zero disclosed Monday a “high severity” vulnerability it found in Microsoft’s Edge and Internet Explorer browsers that could allow remote attackers to execute arbitrary code. The revelation adds yet another vulnerability to a growing list of known bugs Microsoft has been warned...

7.6 CVSS | 7.3 AI score | 0.821 EPSS
Exploits 11 | References 9
ThreatPost
added 2017/02/21 1:2 p.m. | 53 views

Google Discloses Unpatched Microsoft Vulnerability

Google’s security researchers disclosed details of an unpatched Microsoft vulnerability in Windows’ GDI library that allows attackers to steal sensitive data from program memory. The flaw was first addressed by Microsoft last June, but Google said the patch was incomplete. As part of its 90-day...

6.9 CVSS | 6.6 AI score | 0.821 EPSS
Exploits 4 | References 5
exploitpack
added 2017/02/21 12:0 a.m. | 11 views

Adobe Flash - MP4 AMF Parsing Overflow

Adobe Flash - MP4 AMF Parsing Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1018 There is an overflow in MP4 AMF parsing. To reproduce, put the attached files on a server and visit http://127.0.0.1/LoadMP4.swf?file=unsigned.mp4. Proof of Concept:...

1.3 AI score
Exploits 0
The Hacker News
added 2017/02/18 5:10 a.m. | 13 views

Google Discloses Windows Vulnerability That Microsoft Fails To Patch, Again!

Microsoft is once again facing embarrassment for not patching a vulnerability on time. Yes, Google's Project Zero team has once again publicly disclosed a vulnerability with POC exploit affecting Microsoft's Windows operating systems ranging from Windows Vista Service Pack 2 to the latest Windows...

6.4 AI score
Exploits 0
exploitpack
added 2017/02/15 12:0 a.m. | 12 views

NVIDIA Driver 375.70 - DxgkDdiEscape 0x100008b Out-of-Bounds ReadWrite

NVIDIA Driver 375.70 - DxgkDdiEscape 0x100008b Out-of-Bounds ReadWrite Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=985 The DxgkDdiEscape handler for 0x100008b accepts a user supplied size as the limit for a loop, leading to OOB reads and writes. The supplied PoC passes an...

0.8 AI score
Exploits 0