Security News

Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year. CVE-2021-30661 - Processing maliciously crafted web content may lead to arbitrary code execution.

Atlassian is prompting its enterprise customers to patch a critical vulnerability in many versions of its Jira Data Center and Jira Service Management Data Center products. The vulnerability tracked as CVE-2020-36239 can give remote attackers arbitrary code execution abilities, due to a missing authentication flaw in Jira's implementation of Ehcache, an open-source component.

Microsoft rolled out Patch Tuesday updates for the month of July with fixes for a total of 117 security vulnerabilities, including nine zero-day flaws, of which four are said to be under active attacks in the wild, potentially enabling an adversary to take control of affected systems. "This Patch Tuesday comes just days after out-of-band updates were released to address PrintNightmare - the critical flaw in the Windows Print Spooler service that was found in all versions of Windows," Bharat Jogi, senior manager of vulnerability and threat research at Qualys, told The Hacker News.

Hackers have started targeting a critical WooCommerce vulnerability only days after patches started rolling out, patchstack says. WooCommerce is a popular open-source eCommerce plugin for WordPress, with more than 5 million installations to date, making it an attractive target for cybercriminals.

Google has pushed out a new security update to Chrome browser for Windows, Mac, and Linux with multiple fixes, including a zero-day that it says is being exploited in the wild. The latest patch resolves a total of eight issues, one of which concerns a type confusion issue in its V8 open-source and JavaScript engine.

Microsoft has addressed the Windows 10 printing issues caused by changes introduced in the June 2021 cumulative update preview with an update issued during this month's Patch Tuesday. To resolve the printing issues, Microsoft released an emergency fix for Windows 10 2004, Windows 10 20H2, and Windows 10 21H1 on July 9, rolling it out via the Known Issue Rollback feature.

Industrial giants Siemens and Schneider Electric on Tuesday released a total of two dozen advisories covering roughly 100 vulnerabilities affecting their products. The 18 new advisories prepared by Siemens for the July 2021 Patch Tuesday cover nearly 80 vulnerabilities impacting the company's products.

Microsoft released an XL-sized bundle of security fixes for its products for this month's Patch Tuesday, and other vendors are close behind in issuing updates. The Windows goliath's batch for July has 117 patches, 13 for what's said to be critical bugs, 103 important, and one moderate.

Microsoft today released updates to patch at least 116 security holes in its Windows operating systems and related software. Another 103 of the security holes patched this month were flagged as "Important," which Microsoft assigns to vulnerabilities "Whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources."

Microsoft has fixed 117 CVEs, 4 of which are actively exploited. "A pair of Windows kernel privilege elevation flaws should also be high on the patch list as they are being actively exploited. These are exactly the type of vulnerabilities in the ransomware attack toolkit, allowing threat actors to boost their user level from user to admin, for greater control over the environment. Admins should keep an eye on existing and new accounts for suspicious activity."