Patch News, Articles and Updates

Apple releases security updates in devices shortly after releasing another KRACK fix

Apple released security updates for its cellphones, set-top box and Windows iCloud platform shortly after rolling out another patch for the KRACK exploits.

Apple addresses KRACK exploits in AirPort Base Station firmware

Apple has continued to roll out patches to fix the KRACK (Key Reinstallation AttaCKs) series of vulnerabilities, this time in its AirPort Base Station firmware.

Microsoft Patch Tuesday: 34 vulnerabilities, most browser-related

Microsoft's December Patch Tuesday release contained 34 vulnerabilities with 22 of these being rated critical and affecting the company's browser products.

Adobe Patch Tuesday: Lone Flash Player security flaw noted

Adobe had a minimal Patch Tuesday offering for December listing just one vulnerability for Flash Player.

Microsoft issues emergency fix for Malware Protection Engine flaw

The vulnerability impacts numerous Microsoft security offerings, including multiple versions of Microsoft Exchange, ForcePoint End Point Protector and Defender.

Mozilla patches two vulnerabilities, one rated critical

The Mozilla Foundation has fixed two security issues, one rated critical, in Firefox 57.0.2 and Firefox ESR 52.5.2.

Apple releases security updates for multiple products

Apple released security updates to patch vulnerabilities in its iOS, macOS, tvOS and watchOS platforms.

Google patches 37 security issues in Chrome

Google issued patches for 37 security issues in Chrome, with one being rated critical and six considered high risks, with the release of Chrome 63.0.3239.84.

ParseDroid vulnerabilities could affect all Android developers

Checkpoint researchers discovered several vulnerabilities in Android application developer tools that could put any developer.

Mozilla patches critical flaws in Firefox 57.0.1 update

Mozilla released a security update to address critical vulnerabilities in Firefox 57 which could allow a remote attacker to take control of an affected system.

Google issues patches for Nexus/Pixel phones

Google's December Nexus/Pixel security release contained 48 issues, with only one vulnerability rated critical and five high, though three could result in a denial of service (DoS) situation if exploited.

Researchers call bull on Dirty Cow Patch, find flaw

Bindecy security researchers identified a flaw in the original patch code of the Dirty Cow vulnerability which could ultimately lead to a privilege escalation attack.

Apple issues emergency fix for High Sierra root access flaw

The company plans to push the update out to users.

Facebook fixes polling feature bug that could have deleted users' photos

When Facebook debuted a new polling feature earlier this month, it also introduced a vulnerability that could have allowed a malicious actor to delete any photo saved to the social media site.

Discount deception: AliExpress patches fake coupon vulnerability

Online retailer AliExpress fixed a vulnerability in its online shopping portal last October after researchers discovered a way to inject a fake coupon designed to phish sensitive information from those who receive it.

Intel security advisory, patches elevation of privilege exploits

Positive Technologies researchers identified elevation of privilege exploits in various Intel product families which could enable a system crash or system instability, among other issues.

Oracle issues emergency patch for JoltandBleed bug in Tuxedo middleware

Oracle Corporation issued an emergency patch on Tuesday, fixing critical vulnerabilities affecting the Jolt server within Oracle Tuxedo that could be exploited over a network with no valid username or password credentials.

Microsoft Patch Tuesday: 20 critical issues addressed

Microsoft's November Patch Tuesday rollout included patches for 53 flaws, 20 rated critical, spread across a variety of products, including Edge, Internet Explorer, Windows and Office.

Adobe Patch Tuesday: 62 vulnerabilities for Reader/Acrobat, 5 critical for Flash Player

Adobe's November Patch Tuesday offering included 83 patches, including fixes for five critical-rated issues in Flash Player. Reader and Acrobat, by themselves, generated more than five dozen CVEs.

TERA video game patched after report of RCE bug in chat feature

Game developer Bluehole, Inc. issued a hotfix for its popular title TERA this weekend, following the circulation of a report revealing that the MMORPG's HTML-based chat function could be abused to spread malware.

Microsoft issues warning on Dynamic Data Exchange vulnerability

With APT28 now using Microsoft's Dynamic Data Exchange (DDE) as an attack point, the company has issued an official advisory concerning the practice, along with possible mitigation methods.

Tor patches flaw that could expose MacOS and Linux IP addresses

The Tor Project released a patch fixing an issue that could reveal the correct IP address of MacOS and Linux users accessing the Tor browser.

Cisco patches 16 vulnerabilities to kick off November

Cisco Systems on Wednesday issued patches for 16 different product vulnerabilities, half of which are considered high impact in nature.

Hack-It Ralph? Circle with Disney parental filter filled with exploitable flaws

A Disney-branded internet filter underwent automatic patching after researchers discovered multiple vulnerabilities that could have exposed users to cyberattacks, researchers from Talos have reported.

WordPress issues patch to eliminate SQL injection vulnerability

WordPress has issued a new update, version 4.8.3, fixing a flaw that researchers and the organization itself said could lead to a SQL injection; both strongly recommend users update to the latest version.

Google fixes three flaws that could have compromised its bug tracker service

A private website Google used to track bugs in its own products was discovered to have its own set of flaws that could have exposed sensitive vulnerability reports.

Patch issued for severe vulnerability in Oracle Identity Manager

Oracle has issued a security alert advisory for a critical vulnerability discovered in its Oracle Identity Manager that can result in total compromise of the software suite via an unauthenticated network attack. A fix is now available.

APT28 joins BlackOasis in exploiting latest Adobe Flash vulnerability

APT28 is now also being named as one of the cyber gangs attempting to take advantage of Adobe Flash vulnerability CVE-2017-11292.

Cisco remedies critical unauthorized access bug in Cloud Services Platform

Cisco on Wednesday issued a security update to repair a critical unauthorized access vulnerability in its Cloud Services Platform (CSP) 2100.