Cybersecurity Vulnerabilities news & analysis | SC Media Vulnerabilities

Vulnerabilities News and Analyis

WordPress patches four security vulnerabilities

WordPress has pushed out version 5.3.1 patching four security issues. WordPress versions 5.3 and earlier are affected and the company is recommending users download the new version, which is a short-cycle maintenance release and soon will be superseded by a full update when version 5.4 is released. The company did not make note of any…

Intel patches 15 vulnerabilities affecting software, firmware

Intel on Tuesday distributed 11 new security advisories, disclosing 16 total vulnerabilities that affect various software or firmware products. None of the bugs was deemed critical, but there were seven high-level issues, including an escalation of privilege in Linux Administrative Tools for Intel Network Adapters. Carrying a CVSS base score of 8.2 (the highest among…

Adobe releases patches for critical vulnerabilities in Flash, Shockwave and Photoshop

Patch Tuesday: Adobe announces 25 bug fixes, 21 in Acrobat products

On the last Patch Tuesday of 2019, Adobe today released security updates for Acrobat and Acrobat Reader, Photoshop CC, Brackets and ColdFusion, fixing 25 critical and important vulnerabilities in the process. Twenty-one of the flaws were found in various Acrobat and Acrobat Reader products for the Windows and macOS platforms. Of these, 14 are critical,…

Cookie leak allows white-hat researcher to access HackerOne vulnerability reports

Bug bounty platform provider HackerOne Tuesday disclosed that one of its own security analysts mistakenly sent a session cookie to a white-hat researcher on Nov. 24, allowing the researcher to take over the analyst’s account and access vulnerability reports on a number of companies. The researcher, known in the HackerOne community as haxta4ok00, promptly reported…

Exploited Android flaw ‘StrandHogg’ enables phishing overlays, malicious permissions

Attackers have been actively exploiting an Android vulnerability that allows malicious apps to display dangerous permission requests and phishing overlays under the guise of a legitimate app. Dubbed StrandHogg (an old Norse Viking term), the flaw resides in Android’s taskAffinity control setting, and can be successfully abused without having to first gain root access, according…

Google camera app flaw endangered millions of devices

A vulnerability in the Google Camera Application left millions of Google and Samsung smartphones open to being potentially abused potentially letting a malicious actor to take photos, download images and video and listen in to phone calls. The flaw, CVE-2019-2234, is a permission bypass issue that enables real-time access to a phone through the camera…

VMware advisory warns users to patch critical issue in product

VMware patches five security vulnerabilities

VMware pushed out security updates covering five vulnerabilities that if exploited could lead to information disclosure or a denial of service situation. The important-rated vulnerabilities are CVE-2019-5540, CVE-2019-5541 and CVE-2019-5542 and impact VMware Workstation Pro / Player and VMware Fusion Pro/Fusion. CVE-2019-5541 covers an out-of-bounds write vulnerability in e1000e virtual network adapter that could lead…

Next post in Vulnerabilities