Cybersecurity Vulnerabilities news & analysis | SC Media

Vulnerabilities News and Analysis

Instagram asks security researchers to check out ‘Checkout’ feature

Instagram is reportedly recruiting white-hat researchers to test the security of its new Checkout feature, which allows users to buy merchandise from select brands without ever having to leave the social media app. CNN this week reported that Facebook-owned Instagram is restricting the testing to only those individuals who have submitted high-quality research to its…

iOS 12.4 update reintroduced old bug, enabling jailbreak for current devices

Apple’s latest iOS update reportedly undid a patch that was introduced in the previous release, a mistake that allowed a security researcher to publish a jailbreak for the most up-to-date version of the operating system. The unpatched vulnerability is CVE-2019-8605, an arbitrary code execution bug caused by a use-after-free condition. Working in tandem with Google…

Adobe Patch Tuesday tackles Reader, Acrobat flaws

Adobe’s eight Patch Tuesday updates addressed a multitude of flaws – including 76 in Acrobat and Acrobat Reader that were rated important as well as several in Creative Cloud and Experience Manager rated critical. Successful exploitation of the Acrobat and Acrobat Reader vulnerabilities “could lead to arbitrary code execution in the context of the current…

Researcher details decades-old design flaws in Microsoft’s CTF protocol

Google Project Zero researcher Tavis Ormandy yesterday disclosed a series of 20-year-old flaws in Microsoft’s CTF protocol that could allow unauthorized parties to take over applications that use said protocol. According to Ormandy’s blog post and technical analysis, the flaw is specifically found in the msctf subsystem, which is a component of the Text Services…

Intel rolls out security updates for seven products

Intel has released a series of security updates crossing seven product lines with three rated high and four carrying a medium severity rating. The three high-rated issues cover Intel’s NUC (CVE-2019-11140), Processor Identification Utility for Windows (CVE-2019-11163) and Computing Improvement Program (CVE-2019-11162). The NUC vulnerability is due to an insufficient session validation in system firmware…

Cisco issues multiple product updates, fixes critical flaws in small business switches

Cisco Systems issued a series of security updates on Aug. 6 and 7, in the process disclosing 26 vulnerabilities, including two critical ones found in its Small Business 220 Series Smart Switches. The two most serious bugs consist of a remote code execution flaw (CVE-2019-1913) and an authentication bypass vulnerability (CVE-2019-1912) in the aforementioned switches,…

BlueKeep-like RCE flaws in RDP among 93 vulnerabilities patched by Microsoft

Microsoft patched 93 vulnerabilities, including two BlueKeep-like remote code execution (RCE) flaws. The two flaws, CVE-2019-1181 and CVE-2019-1182, in Remote Desktop Services, are “wormable,” Simon Pope, director of incident response at the Microsoft Security Response Center (MSRC), wrote in a blog post, “meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without…

Report: SEC looking into First American Financial Corp.’s leaky website

First American Financial Corp. is reportedly the subject of a U.S. Securities and Exchange Commission investigation, following the discovery of a website defect that left 885 million documents exposed to the public. Earlier this year, the financial services company’s website was found to have allowed anyone with a web browser and a URL for a…

Apple to expand bug bounty program, offer researchers access to iOS, iPhones

Apple is drastically overhauling its bug bounty program, eliminating its invitation-only status, increasing its rewards, expanding it to include MacOS and other operating systems, and even agreeing to supply qualified researchers with special iPhones that are easier to probe for vulnerabilities. Apple’s head of security engineering Ivan Krstic announced these changes last week at the…
