Cybersecurity Vulnerabilities news & analysis | SC Media

Vulnerabilities News and Analysis

Apple releases more than 30 security patches

Apple released updates across eight product lines with several having more than a dozen issues addressed. Apple does not rate the severity of each vulnerability, but does break them all down for its users. One batch of 13 vulnerabilities was shared across three products, iCloud for Windows versions 10.9.3, 7.18 and iTunes 12.10.5. Five of…

Unpatched Windows Zero-Day flaws exploited, Microsoft says

Attackers are exploiting unpatched Windows zero-day flaws, Microsoft said in a Monday security advisory. The company said “limited targeted attacks” could leverage two unpatched remote code execution (RCE) vulnerabilities in Windows “when the Windows Adobe Type Manager Library improperly handles a specially crafted multi-master font – Adobe Type 1 PostScript format.” Among the ways…

Mirai variant Mukashi searching out Zyxel NAS devices

The new Mirai variant Mukashi is targeting Zyxel network attached storage (NAS) devices using brute force attacks based on the default admin credentials and then exploiting CVE-2020-9054. Palo Alto Networks Unit 42 said almost all Zyxel NAS products running firmware versions up to 5.21 are susceptible. CVE-2020-9054 is a pre-authentication command injection vulnerability, which may…

Pwn2Own contest yields 13 bugs, as virtual format expands talent pool

Research teams at the Pwn2Own 2020 competition successfully exploited 13 software vulnerabilities this past week, including bugs found in products from Adobe, Apple, Microsoft, Oracle and Ubuntu. Participants earned $270,000 over the two-day event — the first Pwn2Own ever to be held virtually, as a measure to combat the rapid spread of the novel coronavirus.…

Drupal, Google and Cisco post security advisories

Batches of security advisories were rolled out by Drupal, Google and Cisco yesterday addressing a host of critical-rated issues for their products. Drupal addressed a critical vulnerability affecting Drupal 8.7 and 8.8. The issue is a Cross Site Scripting vulnerability in third-party libraries. An attacker that can create or edit content may be able to…

Adobe patches 41 vulnerabilities, 22 in Photoshop

Adobe may have skipped March Patch Tuesday to push out security updates but caught up today issuing advisories covering 41 vulnerabilities, the majority critical, over six products. The products included Adobe Genuine Integrity Service, Acrobat Reader, Photoshop, Experience Manager, ColdFusion 2016 and 2018 and Bridge. None of the vulnerabilities have been spotted in the wild…

VMware advisory warns users to patch critical issue in product

VMware squashes critical code execution bug in hypervisors

VMware has updated its Workstation hosted hypervisor and Fusion software hypervisor, fixing a critical vulnerability that could be exploited to trigger arbitrary code execution or a denial of service condition. The virtualization and cloud computing software provider also fixed two important privilege escalation flaws spread out between four of its products. Designated CVE-2020-3947, the most critical…

Microsoft issues out-of-band fix for leaked ‘EternalDarkness’ bug

Due to an apparent error in the Microsoft vulnerability disclosure process, news of an unpatched, critical Microsoft Server Message Block (SMB) vulnerability leaked to the public this past Patch Tuesday. In response to this occurrence, Microsoft today issued an out-of-band security update fixing the flaw. If exploited, the bug could result in a wormable remote…

Intel issues nine security advisories

Intel rolled out nine security advisories for a variety of components associated with its processors and graphics drivers, with four having a high severity rating and the remainder medium. The high-rated advisory for Intel graphics drivers contains 17 CVEs, which if left unpatched and exploited could lead to escalation of privilege, denial of service and…
