Security News
Cisco yesterday released security patches for two high-severity vulnerabilities affecting its IOS XR software that were found exploited in the wild a month ago. Tracked as CVE-2020-3566 and CVE-2020-3569, details for both zero-day unauthenticated DoS vulnerabilities were made public by Cisco late last month when the company found hackers actively exploiting Cisco IOS XR Software that is installed on a range of Cisco's carrier-grade and data center routers.
Cisco on Thursday informed customers that it has patched 34 high-severity vulnerabilities affecting its IOS and IOS XE software, including many that can be exploited remotely without authentication. The company has released a total of 25 advisories as part of the September 2020 semiannual IOS and IOS XE Software Security Advisory Bundled Publication.
Apple has released iOS 14, with a bucketload of new and improved functional features and a handful of privacy and security ones. New privacy and security features in iOS 14: the new iOS will tell you when an app is using your camera or microphone.
Dashlane announced the completion of a bottom-to-top rewrite of its iOS app, improving efficiency, speed, and performance. The goal of the rewrite encompassed keeping up with the ever-changing iOS landscape, while making sure there was minimal disturbance for current iOS app users, diligently maintaining usable code, and providing a better digital experience for millions of Dashlane users.
Apple has patched nearly a dozen vulnerabilities and it has introduced new privacy features with the release of iOS 14 and iPadOS 14 this week. The issues could result in applications causing a system crash or writing kernel memory, identifying other installed applications, leaking user information, or accessing restricted files; may allow attackers to download malicious content, execute arbitrary code, or view notification contents from the lockscreen; may lead to arbitrary code execution or a cross-site scripting attack; may allow a user to read kernel memory; or could result in the screen lock not engaging after the specified time period.
The iOS 14, iPadOS 14, and tvOS 14 anti-tracking feature is on hold until early 2021 to give developers time to make the necessary changes, according to Apple. Apple released iOS 14 without a new anti-tracking feature.
Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device. "An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device," Cisco said in an advisory posted over the weekend.
Cisco over the weekend published information on a vulnerability in the IOS XR software that could be exploited to cause a denial of service condition. Cisco has warned that attackers are already attempting to exploit the vulnerability.
Facebook is lambasting an upcoming Apple mobile operating system privacy update, which requires applications to ask users for permission before collecting and sharing their data. In the iOS 14 update, Apple iPhone and iPad users have an explicit option to opt out of allowing apps to collect data using the Apple device identifier.