Security News

Update Adobe Acrobat and Reader to Patch Actively Exploited Vulnerability
2023-09-13 02:57

Adobe's Patch Tuesday update for September 2023 comes with a patch for a critical actively exploited security flaw in Acrobat and Reader that could permit an attacker to execute malicious code on susceptible systems. The vulnerability, tracked as CVE-2023-26369, is rated 7.8 for severity on the CVSS scoring system and impacts both Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020.

Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird
2023-09-13 01:50

Mozilla on Tuesday released security updates to resolve a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in the wild, a day after Google released a fix for the issue in its Chrome browser. The shortcoming, assigned the identifier CVE-2023-4863, is a heap buffer overflow flaw in the WebP image format that could result in arbitrary code execution when processing a specially crafted image.

Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws
2023-09-12 18:11

Today is Microsoft's September 2023 Patch Tuesday, with security updates for 59 flaws, including two actively exploited zero-day vulnerabilities. Microsoft also shared fixes for two flaws in non-Microsoft products, Electron and Autodesk, and four Microsoft Edge vulnerabilities on September 7th. To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5030219 cumulative update and Windows 10 KB5030211 updates released.

Chrome, Firefox and more caught with their WebP down, offer hasty patch-up
2023-09-12 15:00

Google has rushed out a fix for a vulnerability in its Chrome browser, noting that an exploit already exists in the wild. The search giant has followed Apple in hurriedly issuing an update in response to research from The Citizen Lab at The University of Toronto's Munk School.

Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863)
2023-09-12 09:36

Google has rolled out a security update for a critical Chrome zero-day vulnerability exploited in the wild.Chrome generally applies the update automatically when users close and reopen the browser.

Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now
2023-09-12 05:15

Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. With the latest fix, Google has addressed a total of four zero-days in Chrome since the start of the year -.

Week in review: 6 free resources for getting started in cybersecurity, Patch Tuesday forecast
2023-09-10 08:00

LibreOffice: Stability, security, and continued developmentLibreOffice, the most widely used open-source office productivity suite, has plenty to recommend it: it's feature-rich, user-friendly, well-documented, reliable, has an active community of developers working on improving it, and it's free. North Korean hackers target security researchers with zero-day exploitNorth Korean threat actors are once again attempting to compromise security researchers' machines by employing a zero-day exploit.

Apple races to patch the latest zero-day iPhone exploit
2023-09-08 11:36

Apple devices are again under attack, with a zero-click, zero-day vulnerability used to deliver Pegasus spyware to iPhones discovered in the wild. Researchers at Citizen Lab are referring to the exploit as BLASTPASS. The team said they immediately disclosed their findings to Apple when they first discovered an infected device owned by an individual employed by a Washington DC-based civil society organization with international offices.

Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones
2023-09-08 11:27

Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. In a separate alert, Citizen Lab revealed that the twin flaws have been weaponized as part of a zero-click iMessage exploit chain named BLASTPASS to deploy Pegasus on fully-patched iPhones running iOS 16.6.

September 2023 Patch Tuesday forecast: Important Federal government news
2023-09-08 05:08

The last security updates will be issued next month on the October Patch Tuesday. September 2023 Patch Tuesday forecast Microsoft will probably up their game on CVEs addressed this month, but don't expect the breadth of updates we saw last month.