Patch News, Articles and Updates

20-year-old flaw found in Ubiquiti networking gear running ancient PHP

Running PHP 2.0.1 turns out to be a bad way to secure network devices against a range of threats including cross-site request forgery attacks.

Old iOS vulnerability spotted in Nintendo Switch browser

A researcher has already found an old vulnerability in the Nintendo Switch which could allow remote attackers to execute arbitrary code.

Vulnerability in Apache Struts active in the wild

A new vulnerability in Apache's open-source Struts project, which allows remote code execution, has been spotted being exploited in the wild.

Third party develops temporary patch for Microsoft flaw that Google disclosed

Security research firm ACROS Security has issued a third-party patch for a Microsoft vulnerability that Google disclosed last month after Microsoft failed to issue a patch within Google's imposed 90-day deadline.

Vulnerability in Cisco NetFlow Generation Appliances could create DoS condition

The day after Cisco warned about a flaw in its Smart Install clients, the company issued an advisory concerning a vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of its Cisco NetFlow Generation Appliance (NGA).

Iceni Argus patches six remote code execution bugs

The Cisco Talos research team has spotted multiple remote code execution vulnerabilities in the Iceni Argus PDF content extraction product.

Zscaler fixes XSS vulnerability in admin portal affecting co-workers

Cloud security vendor fixes cross-site-scripting bug, downplays the threat, says it would only affect co-workers.

German researchers find flaws in nine major password managers

TeamSIK has published a security assessment of nine popular password management applications on Android devices and found them all to contain security vulnerabilities. All vulnerabilities have been patched prior to publication.

Privilege escalation flaw in Huawei Themes patched in software update

Huawei Technologies has released a new software update that patches a privilege escalation vulnerability in its Huawei Themes mobile app that could ultimately result in arbitrary code execution.

Irresponsible disclosure? Google reveals bug prior to Microsoft patch

A security researcher from Google's Project Zero has revealed a bug in Windows' Graphic Component GDI Library prior to Microsoft issuing a patch, despite Microsoft being warned back in November 2016.

Report: More than 100K WordPress web pages defaced following disclosure of patched bug

More than 100,000 WordPress web pages have been defaced, following last week's public disclosure of a patched vulnerability that allows attackers to remotely modify the content of pages and posts.

Unpatched Windows zero day allows DoS attacks, possibly other exploits

Microsoft Windows users should beware of an unpatched memory corruption bug which could be exploited to cause DoS attacks.

WordPress secretly patches severe bug that can lead to site content modification

WordPress last week silently patched a high-severity zero-day vulnerability that can allow unauthorized users to remotely modify a web page's content and change any post.

Spotting vulnerabilities in your open source code

ESET researchers have offered programmers a few tips for spotting vulnerable code and correcting it before it makes it into your system.

Mozilla issues five critical patches for Firefox and Firefox ESR

Mozilla issued two security advisories covering Firefox and Firefox ESR that between them contain 33 security patches, five rated as critical.

'Magic String' of characters could have compromised WebEx extension users

A vulnerability in Cisco's WebEx Chrome extension reportedly could have allowed adversaries to remotely execute code on machines that visited compromised URLs containing a special string of characters.

Apple issues updates for almost all its products

Anyone owning an Apple device probably needs to patch it.

Patch Tuesday: Microsoft issues two critical fixes

Microsoft's first Patch Tuesday for the year proved lighter than usual with the company rolling out four security bulletins today that cover just four potential exploits, two of which are rated critical.

Patch Tuesday: Adobe Flash Player receives updates for 13 security issues

Adobe's first Patch Tuesday of 2017 features 42 critical security fixes for its Flash Player and other products.

Patched Android flaw a potential privacy headache for Nexus 6 and 6P owners

If left unaddressed, a recently patched Android vulnerability affecting Nexus 6 and Nexus 6P phablets can allow attackers to invade device owners' privacy and steal their information, according to an analysis report by IBM security researchers.

Security bugs fixed in Mozilla app Thunderbird 45.6

A number of fixes were issued on Wednesday for security vulnerabilities in Thunderbird 45.6.

Critical PHP 7 flaws detected and patched, Check Point

Security researchers found three zero-day vulnerabilities in PHP 7, all of which could prove extremely dangerous to any site using the web programming language.

Critical code execution flaw in PHPMailer took two patches to fix

Older versions of the code library PHPMailer contain a critical vulnerability that remote attackers can leverage to take over a web server account and compromise a targeted web application via arbitrary code execution.

Joomla flaw allows attacker to change passwords and seize sites

Joomla patched a vulnerability (CVE-2016-9838) which if exploited could allow an attacker to reset login credentials and take over sites.

Netgear releases patches for publicly known critical flaw

Netgear released firmware updates for several router models to patch a publicly known critical vulnerability.

Adobe Patch Tuesday: fix issued for zero-day in Flash Player

Adobe rounded out 2016 the same way it rang in 2015, by issuing a slew of patches, including one fixing a zero-day that is currently in the wild and impacting Flash Player.

Microsoft Patch Tuesday: 12 bulletins, six critical in final release of 2016

Microsoft's last Patch Tuesday of 2016 featured six critical updates, 12 overall, covering 34 flaws all of which, if exploited, could lead to remote code execution.

Remote command execution flaw spotted in Roundcube webmail software

RIPS Technologies researchers spotted a command execution vulnerability in Roundcube open source webmail software.

Google Chrome desktop update mends 36 vulnerabilities

Google on Thursday announced an update to its desktop version of Chrome, including security fixes of 36 vulnerabilities, 15 of which were designated high severity.