Cybersecurity Vulnerabilities news & analysis | SC Media

Vulnerabilities News and Analysis

Apple update takes a bite of iCloud, iTunes and macOS bugs

Apple yesterday released a series of software updates that repaired vulnerabilities in iCloud for Windows 7.14 and 10.7, iTunes 12.10.1 for Windows and macOS Catalina 10.15. The two iCloud updates fixed eight flaws in total, including an arbitrary code execution flaw in UI Foundation and five more in the WebKit browser engine, as well as two universal cross-site…

Microsoft repairs 59 software bugs on a ‘quiet’ Patch Tuesday

Microsoft Corporation today released its latest batch of security updates, fixing 59 vulnerabilities, nine of them critical. Four of the critical flaws consisted of memory corruption bugs that can surface when the Chakra scripting engine handles certain objects in memory in the Microsoft Edge web browser (CVE-2019-1366, CVE-2019-1307, CVE-2019-1308 and CVE-2019-1335). These flaws can be…

Kernel privilege escalation bug actively exploited in Android devices

Researchers have discovered a zero-day kernel privilege escalation bug that can result in the full compromise of certain Android devices and is apparently being exploited in the wild. Devices known to be affected by the high-level, use-after-free vulnerability include the Pixel 1, 1 XL, 2 and 2 XL; the Huawei P20; the Xiaomi Redmi 5A; the…

DefCon: You cannot 'cyberhijack' an airplane, but you can still create mischief

Feds to boost scrutiny of airliner cybersecurity vulnerabilities

The Department of Homeland Security, Pentagon and Department of Transportation plan to bolster an established program that investigates airliner cybersecurity vulnerabilities. The Wall Street Journal is reporting the program would run tests on actual airplanes to probe for weaknesses, much like was done several years ago when an older Boeing 757 was put to the…

Cisco’s latest round of updates addresses bugs in security products

Cisco Systems on Wednesday issued a series of security updates, in the process disclosing 29 vulnerabilities, including 16 high-impact ones. Among the most serious issues are a series of bugs found in various security-related products, including Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, Firepower Management Center and FXOS Software. Certain of these vulnerabilities allow for…

Microsoft revises and re-releases patch for exploited Internet Explorer bug

Microsoft Corp. yesterday re-released a security update for CVE-2019-1367, a critical remote execution bug in Internet Explorer that has been actively exploited. The new release expands upon the previous emergency out-of-band update, which took place Sept. 23. According to reports, the company’s earlier effort to distribute a patch was only available on a limited basis…

WhatsApp bug allows access to content, users should update

A “double-free” bug in WhatsApp lets attackers exploit it using a malicious GIF to access user content, according to a blog post by a self-described technologist and information security enthusiast that goes by the handle Awakened on GitHub. An attacker would need to send the GIF via a messaging platform to a victim’s device where…

Multiple zero-day vulnerabilities found in medical IoT devices: CISA

The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory warning of vulnerabilities in several medical IoT devices that could lead to remote code execution. Advisory ICSA-19-274-01, which has a CVSS rating of 9.8, covers the following pieces of equipment: OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, Zebos by IP Infusion, and…

Attacker breaches Comodo forums by exploiting vBulletin flaw

More than 170,000 users of online forums operated by cybersecurity company Comodo Group reportedly had their data stolen by a malicious actor who exploited a recently disclosed vulnerability in vBulletin’s internet forum software. The Clifton, N.J.-based Comodo learned of the attack on September 29, and responded by taking its forums offline and applying patches, the…

New checkm8 exploit can jailbreak millions of iOS devices

An independent researcher who goes by the Twitter handle axi0mX has discovered and published an iOS jailbreak exploit that applies to hundreds of millions of devices and cannot be patched. Named checkm8, the exploit leverages a race condition vulnerability found in the bootrom, a read-only memory chip that contains the first code that initially loads…
