Security News

Intel addressed 95 vulnerabilities as part of the November 2020 Patch Tuesday, including critical ones affecting Intel Wireless Bluetooth products and Intel Active Management Technology. The issues were detailed in the 40 security advisories published by Intel on its Product Security Center, with the company having delivered security and functional updates to users through the Intel Platform Update process.

Mozilla and Google have already patched the critical Firefox and Chrome vulnerabilities exploited recently by white hat hackers at a competition in China. The flaw was fixed with the release of Firefox 82.0.3, Firefox ESR 78.4.1 and Thunderbird 78.4.2 just a couple of days after it was disclosed at the 2020 Tianfu Cup International PWN Contest, which took place over the past weekend in China.

Adobe on Tuesday informed customers that it has patched vulnerabilities in its Reader Mobile and Connect products, but none of them appears too serious. The company says the patches are already being rolled out to hosted services and they should become available for on-premises deployments later this week.

Today is Microsoft's November 2020 Patch Tuesday, and Windows administrators worldwide will be running around putting out fires all day, so be nice to them. With the November 2020 Patch Tuesday security updates release, Microsoft has released fixes for 112 vulnerabilities in Microsoft products.

Apple on Thursday released patches for tens of vulnerabilities across its products, including three flaws that are actively exploited in attacks. The three vulnerabilities were discovered by Google Project Zero researchers and could lead to remote code execution, leak of kernel memory, and escalation of privilege to kernel level, respectively, Project Zero technical lead Ben Hawkes says.

Trend Micro has patched several vulnerabilities in its InterScan Messaging Security product, including flaws that could have a serious impact. InterScan Messaging Security is an email and collaboration security product designed to provide protection against spam, phishing and sophisticated attacks.

Google this week announced the availability of a new set of monthly patches for the Android operating system, containing fixes for a total of 30 vulnerabilities. The first part of the update, the 2020-11-01 security patch level addresses a total of 17 vulnerabilities in the Android runtime, Framework, Media Framework, and System components.

"Our goal," writes Metcalf, "Is to create neutral names that provides a means for people to remember vulnerabilities without implying how scary the particular vulnerability in question is." There is no doubt that there is no apparent emotive bias to the new naming convention, but much still needs to be done on the project - and it is not entirely clear that two disconnected words are any better than one emotive word.

Adobe on Tuesday informed customers that it has patched over a dozen vulnerabilities in its Acrobat products, including critical flaws that can be exploited for arbitrary code execution. The company says it has fixed a total of 14 security holes in the Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, and Acrobat Reader 2017.

Google has released updates to address multiple vulnerabilities in the Chrome browser, including two that are actively exploited in attacks. Less than two weeks ago, Google released patches for other high-severity flaws in Chrome, including CVE-2020-15999, an actively exploited zero-day in FreeType.