Security News

Lexmark printers - those ubiquitous, inky office workhorses that fill homes and offices, and are found all the way on up to the federal government - have an unpatched vulnerability that could lead to serious, easy-to-execute attacks that require neither privileges nor user interaction and which can lead to arbitrary code execution. Beyond known security vulnerabilities, Lexmark printers have in the past been prone to a trivial hack thanks to what researchers have called "Gross negligence" on the part of users.

Google's ongoing struggles with in-the-wild zero-day attacks against its flagship Chrome browser isn't going away anytime soon. For the sixth time this year, the search giant shipped a Chrome point-update to fix code execution holes that the company says is already being exploited by malicious hackers.

Google has released Chrome 91.0.4472.114 for Windows, Mac, and Linux to fix four security vulnerabilities, with one of them a high severity zero-day vulnerability exploited in the wild. Google Chrome will automatically attempt to upgrade the browser the next time you launch the program, but you can perform a manual update by going to Settings > Help > 'About Google Chrome'.

Apple has fixed two iOS zero-day vulnerabilities that "May have been actively exploited" to hack into older iPhone, iPad, and iPod devices. Webkit is a browser rendering engine used by Apple web browsers and applications to render HTML content on desktop and mobile platforms, including iOS, macOS, tvOS, and iPadOS. Attackers could exploit the two vulnerabilities using maliciously crafted web content that would trigger arbitrary code execution after being loaded by the targets on unpatched devices.

Apple on Monday shipped out-of-band security patches to address two zero-day vulnerabilities in iOS 12.5.3 that it says are being actively exploited in the wild. The latest update, iOS 12.5.4, comes with fixes for three security bugs, including a memory corruption issue in ASN.1 decoder and two flaws concerning its WebKit browser engine that could be abused to achieve remote code execution -.

Microsoft's Patch Tuesday announcement was bad enough, with six in-the-wild vulnerabilities patched, including one buried in the vestiges of Internet Explorer's MSHTML web rendering code. It's been followed by Google's latest Chrome security advisory, which includes a zero-day patch to Chrome's JavaScript engine amongst its 14 officially listed security fixes.

Google this week released patches for 14 vulnerabilities in the Chrome browser, including a security flaw that has been exploited in the wild. "Google is aware that an exploit for CVE-2021-30551 exists in the wild," the company said, without providing further technical details.

Google has released Chrome 91.0.4472.101 for Windows, Mac, and Linux to fix 14 security vulnerabilities, with one zero-day vulnerability exploited in the wild and tracked as CVE-2021-30551. Google Chrome 91.0.4472.101 has started rolling out worldwide and will become available to all users over the next few days.

Microsoft on Tuesday released another round of security updates for Windows operating system and other supported software, squashing 50 vulnerabilities, including six zero-days that are said to be under active attack. The flaws were identified and resolved in Microsoft Windows,.

Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks. June's Patch Tuesday addresses just 49 security holes - about half the normal number of vulnerabilities lately.