Security News

Apple on Monday released patches for a vulnerability in WebKit that could allow attackers to execute code remotely on affected devices. To exploit the vulnerability, an attacker would simply need to craft a webpage containing malicious code, and then lure the victim into accessing that webpage, which would trigger the execution of code onto the victim's machine.

Apple is rolling out fixes for a high-severity vulnerability in its WebKit browser engine that, if exploited, could allow remote attackers to completely compromise affected systems. Apple on Monday urged affected device users to update as soon as possible: "Keeping your software up-to-date is one of the most important things you can do to maintain your Apple product's security," said the company on Monday.

VMware this week announced the availability of a security patch for VMware View Planner, to address a vulnerability leading to remote code execution. With the release of View Planner 4.6 Security Patch 1 on March 2, VMware fixes CVE-2021-21978, an issue that could allow an attacker to execute code remotely.

Google this week announced the release of patches for 37 vulnerabilities as part of the Android security updates for March 2021, including a fix for a critical flaw in the System component. Tracked as CVE-2021-0397 and affecting Android 8.1, 9, 10, and 11 releases, the security issue could allow an attacker to execute code remotely on a vulnerable device.

Google's cybersecurity research unit Project Zero on Wednesday disclosed the details of a recently patched Windows vulnerability that can be exploited for remote code execution. Dominik Röttsches of Google and Mateusz Jurczyk of Google Project Zero have been credited for reporting the issue to Microsoft.

VMware has revealed a critical-rated bug in the HTML5 client for its flagship vSphere hybrid cloud suite. "The vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin," says VMware's notification.

IBM has patched a critical buffer-overflow error that affects Big Blue's Integration Designer toolset, which helps enterprises create business processes that integrate applications and data. "By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash," according to IBM's Monday security advisory.

An update released last week by Mozilla for Firefox 85 patches a critical information disclosure vulnerability that can be chained with other security flaws to achieve arbitrary code execution. In its advisory for the vulnerability - the bug currently does not have a CVE identifier - Mozilla described it as a "Buffer overflow in depth pitch calculations for compressed textures." The issue, reported by researchers Abraruddin Khan and Omair through Trend Micro's Zero Day Initiative, apparently only impacts Firefox running on Windows - other operating systems are not affected.

Cisco has addressed multiple pre-auth remote code execution vulnerabilities affecting several small business VPN routers and allowing attackers to execute arbitrary code as root on successfully exploited devices. The security bugs with a severity rating of 9.8/10 were found in the web-based management interface of Cisco small business routers.

The most severe of these could allow trivial remote code execution with high privileges. The most critical bug does not require local access and allows complete control over SolarWinds Orion remotely without having any credentials at all.