Security News

Cisco urges admins to fix IOS software zero-day exploited in attacks
2023-09-28 15:34

Cisco warned customers on Wednesday to patch a zero-day IOS and IOS XE software vulnerability targeted by attackers in the wild."An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker," Cisco explained in a security advisory published on Wednesday.

Yet another Chrome zero-day exploited in the wild! (CVE-2023-5217)
2023-09-28 11:46

Google has fixed another critical zero-day vulnerability in Chrome that is being exploited in the wild. The vulnerability is caused by a heap buffer overflow in vp8 encoding in libvpx - a video codec library from Google and the Alliance for Open Media.

Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability
2023-09-28 03:13

Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a...

Google fixes fifth actively exploited Chrome zero-day of 2023
2023-09-27 22:12

Google has patched the fifth Chrome zero-day vulnerability exploited in attacks since the start of the year in emergency security updates released today. Today, Google TAG's Maddie Stone revealed that the CVE-2023-5217 zero-day vulnerability was exploited to install spyware.

Chrome zero-day is actually in libwebp (CVE-2023-5129)
2023-09-27 11:46

The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID and a description that tells the whole story: the vulnerability is not in Chrome, but the libwebp library, which is used by many popular applications for encoding/decoding the WebP image format.The source of the vulnerability is a flawed implementation of the Huffman coding algorithm, which may allow attackers to trigger a heap buffer overflow and to execute arbitrary code.

New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware
2023-09-23 06:12

The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former...

Recently patched Apple, Chrome zero-days exploited in spyware attacks
2023-09-22 18:16

Security researchers with The Citizen Lab and Google's Threat Analysis Group revealed today that three zero-days patched by Apple on Thursday were abused as part of an exploit chain to install Cytrox's Predator spyware. Google TAG also observed the attackers using a separate exploit chain to drop Predator spyware on Android devices in Egypt, exploiting CVE-2023-4762-a Chrome bug patched on September 5th-as a zero-day to gain remote code execution.

Apple fixes 3 zero-day vulnerabilities exploited to compromise iPhones
2023-09-22 10:05

Apple has released updates for iOS and iPadOS, macOS, watchOS, and Safari to fix three zero-day vulnerabilities exploited "Against versions of iOS before iOS 16.7.". Earlier this month, Apple closed two zero-day vulnerabilities that have been chained together by attackers to deliver NSO Group's Pegasus spyware.

Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable
2023-09-22 02:11

Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day...

Apple emergency updates fix 3 new zero-days exploited in attacks
2023-09-21 17:57

Apple released emergency security updates to patch three new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 16 zero-days fixed this year.While Apple has yet to provide additional details regarding the flaws' exploitation in the wild, Citizen Lab and Google Threat Analysis Group security researchers have often disclosed zero-day bugs abused in targeted spyware attacks targeting high-risk individuals, including journalists, opposition politicians, and dissidents.