Security News
Microsoft has patched 51 security vulnerabilities in its scheduled August Patch Tuesday update, including seven critical bugs, two issues that were publicly disclosed but unpatched until now, and one that's listed as a zero-day that has been exploited in the wild. "Despite its CVSS rating of 9.9, this may prove to be a trivial bug, but it's still fascinating," said Dustin Childs of Trend Micro's Zero Day Initiative in his Tuesday analysis.
Microsoft's August 2021 Patch Tuesday is pretty lightweight, though it covers a wide variety of Microsoft solutions. 44 CVE-numbered security holes have been plugged, seven of which are critical, and one is actively exploited.
Today is Microsoft's August 2021 Patch Tuesday, and with it come fixes for three zero-day vulnerabilities and a total of 44 flaws, so please be nice to your Windows admins as they scramble to install patches. Microsoft has fixed 44 vulnerabilities with today's update, with seven classified as Critical and 37 as Important.
In a Thursday security advisory update, Cisco revealed that a remote code execution vulnerability in the Adaptive Security Device Manager Launcher disclosed last month is a zero-day bug that has yet to receive a security update. Cisco ASDM is a firewall appliance manager that provides a web interface for managing Cisco Adaptive Security Appliance firewalls and AnyConnect Secure Mobility clients.
A free unofficial patch has been released to protect Windows users from all new PrintNightmare zero-day vulnerabilities discovered since June. Technical details and a proof-of-concept exploit for a new Windows print spooler vulnerability named 'PrintNightmare' were accidentally disclosed in June.
Prominent security practitioner Matt Tait kicked off the annual Black Hat security conference Wednesday with a call for platform vendors to make major technology changes to help cope with the surge in major software supply chain attacks. Tait, an outspoken researcher who has held stints at Google's Project Zero and the U.K.'s GCHQ intelligence agency, said mobile platforms must immediately start providing improved "on-device observability" to help defenders cope with ongoing in-the-wild zero-day attacks.
Now it's Apple's turn to be in the patch-right-now spotlight, with a somewhat under-announced emergency zero-day fix, just a few days after the company's last, and much broader, security update. These include elevation of privilege, where an otherwise uninteresting app suddenly gets the same sort of power as the operating system itself, or even remote code execution, where an otherwise innocent operation, such as viewing a web page or opening up an image, could trick the kernel into running completely untrusted code that didn't come from Apple itself.
There are three new, unpatched zero-day vulnerabilities in Kaseya Unitrends that include remote code execution and authenticated privilege escalation on the client-side. Kaseya Unitrends is a cloud-based enterprise backup and disaster recovery technology that's delivered as either disaster recovery-as-a-service or as an add-on for the Kaseya Virtual System/Server Administrator remote management platform.
On Monday, Apple patched a zero-day flaw, found in both its iOS and macOS platforms, that is being actively exploited in the wild and can allow attackers to take over an affected system. Apple released three updates, iOS 14.7., iPadOS 14.7.1 and macOS Big Sur 11.5.1, to patch the vulnerability on each of the platforms Monday.
The bug, CVE-2021-30807, was found in the iGiant's IOMobileFrameBuffer code, a kernel extension for managing the screen frame buffer that could be abused to run malicious code on the affected device. Apple did not say who might be involved in the exploitation of this bug.