Patch News, Articles and Updates

Drupal patches two critical vulnerabilities

The Drupal Security Team issued updates for a pair of critical flaws, one allowing remote code execution and another giving access to parts of the system without full administrative permissions.

Researcher rewarded for finding Facebook Business Manager account takeover flaw

Security researcher Arun Sureshkumar earned $16,000 after disclosing a vulnerability in Facebook Business Manager that, if exploited, could have allowed attackers to take over a targeted victim's Facebook page.

Google Chrome releases stable channel update

Google Chrome released a stable channel update for its desktop applications for Windows, Mac and Linux.

Patch Tuesday: Microsoft rolls out 14 bulletins, prepares new updating system for October

Microsoft's September Patch Tuesday offering that rolled out today is the last to be delivered under this update system with the company moving to a "monthly rollup" delivery mechanism starting in October, something not all industry insiders see as a positive move.

Independent researcher spots unpatched MySQL vulnerability

Information security researcher Dawid Golunski spotted several critical vulnerabilities in MySQL.

Patch Tuesday: Adobe issues fixes for 29 Flash Player vulnerabilities

September's Patch Tuesday kicked off with a notification from Adobe that it has made available security updates for Adobe Digital Editions, AIR SDK & Compiler and Flash Player, which alone had 29 critical vulnerabilities.

WordPress update fixes XSS issues

Bloggers using the WordPress platform are "strongly encouraged" to update their sites immediately to address persistent XSS issues.

Google patches 57 Android vulnerabilities, attempts to resolve Mediaserver attacks

Google has released patches for 57 security vulnerabilities affecting Android devices. Eight of the flaws were issued a "critical" rating.

Apple issues updates to prevent spying on desktop

Last week, Apple issued security updates to patch a serious flaw affecting iPhone and iPad users. Yesterday it addressed a similar flaw on its desktops.

Chrome's newest version contains 33 security fixes; Cisco patches two critical vulnerabilities

On the same day that Cisco issued 12 advisories addressing vulnerabilities in its product line, all but one resolved via updates, Google yesterday announced the stable release of Chrome 53, which contains 33 of its own security fixes.

Adobe issued hotfix for critical information disclosure vulnerability in ColdFusion

Adobe today has released security hotfixes for a critical information disclosure vulnerability that exists in ColdFusion versions 10 and 11, across all platforms.

Kaspersky patches DoS and kernel flaws affecting drivers

A series of flaws affecting the consumer security suite Kaspersky Internet Security was patched by Kaspersky Lab.

Accellion Kiteworks contain XSS vulnerabilities

Accellion Kiteworks appliance versions prior to kw2016.03.00 contain multiple vulnerabilities which can allow an attacker to conduct cross-site scripting attacks or to view limited sets of files.

Cisco updates advisory: "We have started publishing fixes" for NSA-linked exploits

Cisco updated a security advisory for a remote code execution vulnerability affecting the SNMP application-layer protocol.

VMware fixes flaws in Identity Manager, vRealize Automation

VMware released security updates this week to address a local privilege escalation vulnerability in its VMware Identity Manager and vRealize Automation software, as well as a remote code execution vulnerability in the latter product.

2FA flaw in PayPal's login portal fixed

A two-factor authentication (2FA) vulnerability affecting PayPal's login portal process has been patched.

Industry pros react to Cisco, Fortinet advisories after possible Snowden NSA leak

Snowden documents were published Friday, strengthening evidence that code leaked by the Shadow Brokers contains zero-day exploits used by the NSA.

Proxy authentication flaw affects Apple, Microsoft, Oracle, Opera

Vulnerabilities affecting the implementation of proxy authentication could lead to an attacker launching man-in-the-middle attacks and intercepting HTTPS traffic, possibly affecting Apple, Microsoft, Opera, and Oracle products.

Cisco patches vulnerability in its IOS XR Software

Cisco has released an update to patch a vulnerability in its IOS XR Software for Cisco ASR 9001 Aggregation Services Routers that could lead to a denial of service condition.

Samsung releases Galaxy S6 Edge update, includes patch for a critical security vulnerability

Samsung has not provided details of the critical vulnerability, which appears to be exclusive to the S6 edge, prompting speculation that the flaw may be related to the QuadRooter vulnerabilities.

Microsoft's 'golden key' bypassing Secure Boot reignites backdoor debate

Researchers published information about a Windows security error that reignites the debate involving device back doors.

Damage dealer: Breach of Dota 2 gaming forum exposes 1.9 million accounts

While players of Valve Corporation's online battle arena game Dota 2 were busy fighting each other for supremacy, a real-life adversary stole 1,923,972 account records from the official Dota2 forum's database.

Apple blocks Pangu jailbreak bug with OS upgrade 9.3.4

Apple quietly issued "an important security" update on Thursday to its operating system, pushing out iOS 9.3.4.

SAPCAR file decompression flaws patched

Researchers discovered a series of vulnerabilities affecting the archive program SAPCAR used to compress and decompress files.

Patch Tuesday: Adobe releases hotfixes to four patch bugs

Adobe Experience Manager received a "hotfix" to patch four vulnerabilities that could allow cross-site scripting attacks.

Apple offers bug bounty program

Apple is offering up to $200,000 to researchers reporting critical security vulnerabilities in Apple software, including its underlying operating system.

Smart lighting flaws fixed

Researchers at Rapid7 detected nine vulnerabilities in the Osram LIGHTIFY line of smart lighting.

Xen hypervisor vulnerability found

A bug impacting all versions of the open source Xen hypervisor that could allow an attacker to gain host privileges has been reported.

LastPass pushes patch for message-hijacking bug; confirms older password-stealing vulnerability

In the span of 24 hours, two security researchers separately acknowledged the discovery of serious security vulnerabilities in the password management service LastPass.
