Security News

June 2023 Patch Tuesday forecast: Don’t forget about Apple
2023-06-09 05:25

On the positive side, Apple hosted its annual Worldwide Developers Conference this week with announcements around the new Vision Pro 'spatial computer' powered by the new visionOS, iOS 17 updates, the upcoming Sonoma OS release, new M2 hardware, and much more. On the negative side, in mid-May Apple released zero-day updates to address three critical vulnerabilities.

Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now!
2023-06-06 10:21

Google on Monday released security updates to patch a high-severity flaw in its Chrome web browser that it said is being actively exploited in the wild.Tracked as CVE-2023-3079, the vulnerability has been described as a type confusion bug in the V8 JavaScript engine.

CISA orders govt agencies to patch MOVEit bug used for data theft
2023-06-04 15:14

CISA has added an actively exploited security bug in the Progress MOVEit Transfer managed file transfer solution to its list of known exploited vulnerabilities, ordering U.S. federal agencies to patch their systems by June 23. The critical flaw is an SQL injection vulnerability that enables unauthenticated, remote attackers to gain access to MOVEit Transfer's database and execute arbitrary code.

WordPress force installs critical Jetpack patch on 5 million sites
2023-05-30 22:01

Automattic, the company behind the open-source WordPress content management system, has started force installing a security patch on millions of websites today to address a critical vulnerability in the Jetpack WordPress plug-in. According to the official WordPress plug-in repository, the plug-in is maintained by Automattic, and it now has over 5 million active installations.

CISA orders govt agencies to patch iPhone bugs exploited in attacks
2023-05-22 16:05

Today, the U.S. Cybersecurity & Infrastructure Security Agency ordered federal agencies to address three recently patched zero-day flaws affecting iPhones, Macs, and iPads known to be exploited in attacks. iPhone 6s, iPhone 7, iPhone SE, iPad Air 2, iPad mini, iPod touch, and iPhone 8 and later.

Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!
2023-05-19 18:02

Apple have just introduced "Rapid Security Responses." People are reporting that they take seconds to download and require one super-quick reboot. These new Rapid Security Responses were only available for the very latest version of macOS and the latest iOS/iPadOS, which left users of older Macs and iDevices, as well as owners of Apple Watches and Apple TVs, in the dark.

Identifying a Patch Management Solution: Overview of Key Criteria
2023-05-17 11:54

An evaluation that begins with a focus on specific key criteria - essential attributes and functionality likely to be offered by many vendors but not all - will allow IT teams to narrow down their options as they work to identify the best solution for their organization's patch management needs. In Linux operating systems, the platform must determine whether a patch can be applied or if an existing patch must be removed before the new patch is applied, at which point the original patch can be reinstalled.

Why Microsoft just patched a patch that squashed an under-attack Outlook bug
2023-05-12 23:17

If a miscreant carefully crafted a mail with that sound path set to a remote SMB server, when Outlook fetched and processed the message, and automatically followed the path to the file server, it would hand over the user's Net-NTLMv2 hash in an attempt to log in. The patch from a couple of months ago made Outlook use the Windows function MapUrlToZone to inspect where a notification sound path was really pointing, and if it was out to the internet, it would be ignored and the default sound would play.

Bootkit zero-day fix – is this Microsoft’s most cautious patch ever?
2023-05-10 18:50

Although you'll get the patch if you perform a full Patch Tuesday download and let the update complete. The full patch involves updating Microsoft's bootup code in your hard disk's startup partition, and then telling your motherboard not to trust the old, insecure bootup code any more.

Easily bypassed patch makes zero-click Outlook flaw exploitable again (CVE-2023-29324)
2023-05-10 14:51

Among the vulnerabilities fixed by Microsoft on May 2023 Patch Tuesday is CVE-2023-29324, a bug in the Windows MSHTML platform that Microsoft rates as "Important." Akamai's research team and Ben Barnea, the researcher who's credited with finding the flaw, disagree with that assessment, because "The new vulnerability re-enables the exploitation of a critical vulnerability that was seen in the wild and used by APT operators."