Update your iPhone, Mac, Watch: Apple issues patches for several vulnerabilities | Malwarebytes
Apple has issued patches for several of its operating systems. The ones for iOS and iPadOS deserve your immediate attention.
GitLab Critical Patch Release: 17.3.3, 17.2.7, 17.1.8, 17.0.8, 16.11.10
Learn more about GitLab Critical Patch Release: 17.3.3, 17.2.7, 17.1.8, 17.0.8, 16.11.10 for GitLab Community Edition (CE) and Enterprise Edition (EE).
Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs
Today is Microsoft's June 2024 Patch Tuesday, which includes security updates for 51 flaws, eighteen remote code execution flaws, and one publicly disclosed zero-day vulnerability. #Microsoft #Patch #Security #Tuesday #Update #Vulnerability #Windows
Sophos has patched EOL Firewall versions against a critical flaw exploited in the wild, after identifying a new exploit.
UK-based cybersecurity firm Sophos this week announced patches for an exploited vulnerability in Firewall versions that have reached End-of-Life (EOL). The critical-severity flaw, tracked as CVE-2022-3236, was found to impact versions 19.0 MR1 (19.0.1) and older of the product. It was originally patched in September 2022, but only in supported versions of Sophos Firewall. Sophos describes the security defect as a code injection issue in the Firewall’s User Portal and Webadmin components, allowing attackers to achieve remote code execution (RCE).
Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws
Apple has released patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address multiple vulnerabilities.
Microsoft Patch Tuesday November 2023
Today, Microsoft released patches for 64 different vulnerabilities in Microsoft products, 14 vulnerabilities in Chromium affecting Microsoft Edge, and five vulnerabilities affecting Microsoft's Linux distribution, Mariner. Three of these vulnerabilities are already being exploited, and three have been made public before the release of the patches.
Apple neglects to patch multiple critical vulnerabilities in macOS
Apple is neglecting to patch high-severity vulnerabilities in open-source components of macOS Sonoma, including curl and LibreSSL.
Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks
Mozilla released emergency security updates today to fix a critical zero-day vulnerability exploited in the wild, impacting its Firefox web browser and Thunderbird email client.
ASUS urges customers to patch critical router vulnerabilities
ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately update their devices or restrict WAN access until they're secured.
Analysis of CVE-2023-27997 and Clarifications on Volt Typhoon Campaign
Affected Platforms: FortiOS Impacted Users: Targeted at government, manufacturing, and critical infrastructure Impact: Data loss and OS and file corruption Severity Level: Critical Today, Fortinet published a CVSS Critical PSIRT Advisory (FG-IR-23-097 / CVE-2023-27997) along with several other SSL-VPN related fixes. This blog adds context to that advisory, providing our customers with additional details to help them make informed, risk-based decisions, and provides our perspective relative to recent events involving malicious actor activity.
Cisco warns of critical flaw in ClamAV antivirus
Switchzilla hardware and software need attention, unless you fancy arbitrary remote code execution
Google pushes emergency Chrome update to fix 8th zero-day in 2022
Google has released an emergency security update for the desktop version of the Chrome web browser, addressing the eighth zero-day vulnerability exploited in attacks this year.
Firefox fixes fullscreen fakery flaw – get the update now! – Naked Security
What’s so bad about a web page going fullscreen without warning you first?
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft this week released an out-of-band security update for its Endpoint Configuration Manager solution to patch a vulnerability that could be useful to malicious actors for moving around in a targeted organization’s network. The vulnerability is tracked as CVE-2022-37972 and it has been described by Microsoft as a medium-severity spoofing issue. The tech giant has credited Brandon Colley of Trimarc Security for reporting the flaw.
Apple has pushed a silent Mac update to remove hidden Zoom web server
Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission. The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which […]
2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP!
Mozilla has pushed out-of-band software updates to its Firefox web browser to contain two high-impact security vulnerabilities, both of which it says are being actively exploited in the wild.
Cisco warns of critical flaw in ClamAV antivirus
Switchzilla hardware and software need attention, unless you fancy arbitrary remote code execution
Google pushes emergency Chrome update to fix 8th zero-day in 2022
Google has released an emergency security update for the desktop version of the Chrome web browser, addressing the eighth zero-day vulnerability exploited in attacks this year.
Firefox fixes fullscreen fakery flaw – get the update now! – Naked Security
What’s so bad about a web page going fullscreen without warning you first?
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft this week released an out-of-band security update for its Endpoint Configuration Manager solution to patch a vulnerability that could be useful to malicious actors for moving around in a targeted organization’s network. The vulnerability is tracked as CVE-2022-37972 and it has been described by Microsoft as a medium-severity spoofing issue. The tech giant has credited Brandon Colley of Trimarc Security for reporting the flaw.
Apple has pushed a silent Mac update to remove hidden Zoom web server
Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission. The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which […]
2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP!
Mozilla has pushed out-of-band software updates to its Firefox web browser to contain two high-impact security vulnerabilities, both of which it says are being actively exploited in the wild.
Apple has pushed a silent Mac update to remove hidden Zoom web server
Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission. The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which […]
2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP!
Mozilla has pushed out-of-band software updates to its Firefox web browser to contain two high-impact security vulnerabilities, both of which it says are being actively exploited in the wild.