Security News

Google has released the Android October security updates, addressing 41 vulnerabilities, all ranging between high and critical severity. On the 5th of each month, Google releases the complete security patch for the Android OS which contains both the framework and the vendor fixes for that month.

Google on Thursday pushed urgent security fixes for its Chrome browser, including a pair of new security weaknesses that the company said are being exploited in the wild, making them the fourth and fifth actively zero-days plugged this month alone. As is usually the case, the tech giant has refrained from sharing any additional details regarding how these zero-day vulnerabilities were used in attacks until a majority of users are updated with the patches, but noted that it's aware that "Exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild."

A report released Wednesday by cybersecurity firm Trustwave looks at why security flaws often go unpatched and how organizations can beef up their patch management. The report found that despite the high severity of some of the security flaws that popped up, more than 50% of the servers were unprotected weeks and even months after an update had been released.

Google on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that's known to have an exploit in the wild. Tracked as CVE-2021-37973, the vulnerability has been described as use after free in Portals API, a web page navigation system that enables a page to show another page as an inset and "Perform a seamless transition to a new state, where the formerly-inset page becomes the top-level document."

Proof-of-concept exploit code for three iOS zero-day vulnerabilities was published on GitHub after Apple delayed patching and failed to credit the researcher.The researcher who found the four zero-days reported them to Apple between March 10 and May 4.

Apple's macOS Finder application is currently vulnerable to a remote code execution bug, despite an apparent attempt to fix the problem. A security advisory published Tuesday by the SSD Secure Disclosure program, on behalf of researcher Park Minchan, explains that macOS Finder - which provides a visual interface for interacting with files - is vulnerable to documents with the.

Threat actors have already started targeting Internet-exposed VMware vCenter servers unpatched against a critical arbitrary file upload vulnerability patched yesterday that could lead to remote code execution. While exploit code is not yet publicly available, ongoing scanning activity was already spotted by threat intelligence company Bad Packets 12 hours ago after some of its VMware honeypots began recording attackers probing for the presence of the critical bug.

Generally speaking, file upload vulnerabilities happen when an untrusted user is allowed to upload files of their own choosing. Those untrusted files end up saved in a location where the server will subsequently treat them as trusted files instead, perhaps executing them as scripts or programs, or using them to reconfigure security settings on the server.

VMware has disclosed a critical bug in its flagship vSphere and vCenter products and urged users to drop everything and patch it. The worst of the bunch is CVE-2021-22005, described as "An arbitrary file upload vulnerability in the Analytics service" that's part of vCenter Server.

Microsoft's Patch Tuesday update last week was meant to fix print vulnerabilities in Windows but also broke network printing for many, with some admins disabling security or removing the patch to get it working. Microsoft's fix was in two phases, first to add a registry setting to increase the authorization level for remote access to printers and second, to inform admins that "The release transitions into the enforcement phase on September 14, 2021. Enforcement phase enforces the changes to address CVE-2021-1678 by increasing the authorization level without having to set the registry value." That September date was "Patch Tuesday" last week - though some admins were already having issues with network printing caused by Microsoft's other mitigation efforts.