Security News

Apple Jailbreak Zero-Day Gets a Patch
2020-06-02 13:53

Apple quietly pushed out a small but important update for operating systems across all of its devices, including a patch for a zero-day exploit used in an iPhone jailbreak tool released last week. Jailbreak tools take advantage of vulnerabilities in iOS to allow users root access and full control of their device, in order to load programs and code from outside of the Apple walled garden.

'Beyond stupid': Linus Torvalds trashes 5.8 Linux kernel patch over opt-in Intel CPU bug mitigation
2020-06-02 12:19

Linus Torvalds has removed a patch in the next release of the Linux kernel intended to provide additional opt-in mitigation of attacks against the L1 data CPU cache. The patch from AWS engineer Balbir Singh was to provide "An opt-in mechanism to flush the L1D cache on context switch. The goal is to allow tasks that are paranoid due to the recent snoop-assisted data sampling vulnerabilities, to flush their L1D on being switched out. This protects their data from being snooped or leaked via side channels after the task has context switched out."

VMware Fixes Fusion Vulnerability Introduced by Previous Patch
2020-06-01 08:03

An update released last week by VMware for the macOS version of Fusion attempts to fix a serious privilege escalation vulnerability introduced by a previous patch. VMware informed customers in mid-March that it had patched a high-severity privilege escalation vulnerability in Fusion, Remote Console and Horizon Client for Mac.

Great news. Patch load drops 20% for the first time in 10 years. Bad news: Well, you've heard about coronavirus?
2020-05-29 10:45

Over the first quarter of 2020, the number of security bugs disclosed by software makers fell 20 per cent, though not for any of the right reasons, it seems. Analysts at Risk Based Security cited both internal data and public reports from vendors in putting the number of security vulnerabilities reported over the first three months of the year at 4,968, down from 6,198 over the same period in 2019.

You, Apple Mac fan. Put down the homemade oat-milk latte, you need to patch a load of security bugs, too
2020-05-28 15:45

Apple has alerted users about a bunch of security fixes for its software on supported versions of macOS that you ought to install as soon as you can. The SSLab trio also found CVE-2020-9801 in Safari that can be exploited by malware already running on a Mac to force the browser to open another application.

Docker Desktop danger discovered, patch now
2020-05-26 14:56

Docker has fixed a vulnerability that could have allowed an attacker to gain control of a Windows system using its service. The bug, discovered by Ceri Coburn, a researcher at security consultancy Pen Test Partners, exposed Docker for Windows to privilege elevation.

Adobe “out of band” critical patch – get your update now!
2020-05-21 18:42

Adobe just published a foursome of very tight-lipped security notifications about new patches. The bulletin APSB20-26 actually came out last week, on Patch Tuesday, leaving a gap at -25, suggesting that at least the patch in bulletin APSB20-15 was prepared in time for Patch Tuesday but didn't make the final cut, perhaps to give it time for additional testing or tweaking.