Security News

Google has rushed out a fix for a vulnerability in its Chrome browser, noting that an exploit already exists in the wild. The search giant has followed Apple in hurriedly issuing an update in response to research from The Citizen Lab at The University of Toronto's Munk School.

Google has rolled out a security update for a critical Chrome zero-day vulnerability exploited in the wild.Chrome generally applies the update automatically when users close and reopen the browser.

Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. With the latest fix, Google has addressed a total of four zero-days in Chrome since the start of the year -.

LibreOffice: Stability, security, and continued developmentLibreOffice, the most widely used open-source office productivity suite, has plenty to recommend it: it's feature-rich, user-friendly, well-documented, reliable, has an active community of developers working on improving it, and it's free. North Korean hackers target security researchers with zero-day exploitNorth Korean threat actors are once again attempting to compromise security researchers' machines by employing a zero-day exploit.

Apple devices are again under attack, with a zero-click, zero-day vulnerability used to deliver Pegasus spyware to iPhones discovered in the wild. Researchers at Citizen Lab are referring to the exploit as BLASTPASS. The team said they immediately disclosed their findings to Apple when they first discovered an infected device owned by an individual employed by a Washington DC-based civil society organization with international offices.

Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. In a separate alert, Citizen Lab revealed that the twin flaws have been weaponized as part of a zero-click iMessage exploit chain named BLASTPASS to deploy Pegasus on fully-patched iPhones running iOS 16.6.

The last security updates will be issued next month on the October Patch Tuesday. September 2023 Patch Tuesday forecast Microsoft will probably up their game on CVEs addressed this month, but don't expect the breadth of updates we saw last month.

Phones, tablets and workstations with unpatched CVEs are a clear and present danger. New Armis study lists the most vulnerable.

Google has rolled out monthly security patches for Android to address a number of flaws, including a zero-day bug that it said may have been exploited in the wild. Tracked as CVE-2023-35674, the high-severity vulnerability is described as a case of privilege escalation impacting the Android Framework.

WinRAR could start a wrong file after a user double- clicked an item in a specially crafted archive. That's a bit like receiving an email containing a safe-looking attachment along with a risky-looking one, deciding to start by investigating only the safe-looking one, but unknowingly firing up the risky file instead. From what we can tell, and in another irony, this bug existed in WinRAR's code for unpacking ZIP files, not in the code for processing its very own RAR file format.