Apple blocks update for zero-day, new fix not yet ready
Apple is blocking the RSR update the company sent to iPhone, iPad and Mac yesterday. The update served to fix a zero-day in WebKit but caused problems downloading websites. Apple products are left vulnerable in the meantime.
Apple further adds to its explanation of the issued Rapid Security Re...
iPhone, iPad and Mac get emergency update for WebKit zero-day
A new zero-day in WebKit is impacting iPhones, Mac devices and iPads. Suspecting the zero-day is being actively exploited, the company is pushing an update.
Apple is implementing a Rapid Security Response (RSR) update on iPhones, iPads and Macs. "This Rapid Security Response provides important ...
Hackers exploit zero-day in WordPress plugin Ultimate Member
Hackers have once again found a way to break into WordPress accounts. This time, a zero-day in the Ultimate Member plugin grants access.
Hackers can penetrate 200,000 WordPress websites through a zero-day in the Ultimate Member plugin. The plugin serves website visitors with a simple account re...
Microsoft is rolling out a series of fixes for 0-day Secure Boot bug
According to Microsoft's planning, the entire bug fix process will take a year to complete.
This week Ars Technica reported on Microsoft's latest plan to eliminate a serious vulnerability affecting the boot process on various types of Windows machines. The vulnerability can be exploited by a pie...
Pwn2Own event yields 27 zero-days
Security researchers managed to discover as many as 27 zero-days in major enterprise software during the three days of the Pwn2Own Vancouver 2023 event. Zero-days were found in Windows 11, Ubuntu and macOS, among others, as well as in Oracle and VMware products and Tesla's firmware.
The various ...
New phishing threats exploit zero-day vulnerabilities in Windows
Recent phishing attacks use a zero-day Windows vulnerability to drop the Qbot malware without displaying Windows' usual security warnings, BleepingComputer reports.
When users download files from an 'untrusted' remote location, such as an Internet website or an email attachment, Windows adds a s...
Cybercriminals hack Microsoft Exchange servers with zero-days
Microsoft confirms that cybercriminals are exploiting two zero-day vulnerabilities in Exchange Server 2013, 2016 and 2019.
The vulnerabilities allow cybercriminals to conduct remote code execution attacks. The bugs were discovered by GTSC. The security company published a mitigation guide. The ...
Google issues another update to fix a zero-day in Chrome
Google issued an update to the Stable channel of its Chrome browser on Wednesday containing a patch for a vulnerability currently exploited in the wild.
According to Google's alert, CVE-2022-2856 is a case of "insufficient validation of untrusted input in Intents." Intents often convey data from one pr...
Cato Networks fixes zero-day vulnerability in Microsoft Office
Cato Networks developed a workaround for a zero-day vulnerability recently found in Microsoft Office. Customers of Cato Networks are immune to the vulnerability.
Cato Networks provides a Secure Access Service Edge service (SASE). The service has two components. First, it connects customers' appl...
Microsoft fixes Windows AppX Installer exploit, blocks Emotet spread
Microsoft squashes multiple vulnerabilities in its solutions. Among them is critical spoofing vulnerability CVE-2021-43890, frequently exploited for Emotet, Trickbot and Bazaloader attacks.
Microsoft releases a December update fixing various vulnerabilities through no fewer than 67 patches. In No...