Vulnerabilities | SC Media

Vulnerabilities

Adobe fixes 18 critical vulnerabilities on heels of largest-ever Microsoft Patch Tuesday

Adobe on Tuesday patched 18 critical vulnerabilities – five of them in Illustrator and another five in After Effects. The out-of-band updates came a week after the company patched four flaws in Flash and Microsoft unveiled its largest Patch Tuesday ever, offering updates for 129 vulnerabilities. The After Effects out-of-bounds read, out-of-bounds write and overflow…

Ripple20 bugs in scores of IoT devices reveal third-party code dangers

Hundreds of millions of Internet of Things (IoT) products use a TCP/IP software library containing severe vulnerabilities that can be exploited for remote code execution and complete device takeover, say researchers who also warn that the bug has been extremely difficult to track across the IoT supply chain due to liberal adoption of the third-party…

CallStranger bug in billions of devices can enable data exfiltration, DoS attacks

Billions of Internet of Things and Local Area Network devices that rely on the Universal Plug and Play (UPnP) protocol for discovery of and interaction with other devices are vulnerable to “CallStranger,” a bug that can be exploited to exfiltrate data, launch a denial of service attack or scan ports. The Windows 10 operating system,…

Attackers are using exploit code for SMBGhost bug, CISA warns

Functioning proof-of-concept exploit code now exists for the highly critical “SMBGhost” bug that Microsoft last March patched in its Server Message Block 3.1.1 (SMBv3) protocol, and attackers are taking advantage, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned, citing open-source reports. Designated CVE-2020-0796 and also known as EternalDarkness, the bug can result in…

Cisco security advisories address 47 flaws, three critical

Cisco Systems on Wednesday, June 3 released a series of security advisories addressing a total of 47 vulnerabilities, including three critical bugs that were found and fixed in IOS or IOS XE software. Among the most serious flaws is a privilege escalation vulnerability in the authorization controls of the IOx application hosting infrastructure in Cisco IOS XE…

VMware advisory warns users to patch critical issue in product

VMware discloses important local privilege escalation bug found in 3 products

VMware’s latest security advisory discloses three vulnerabilities spread out among five products. The most significant of this trio is an “important” time-of-check time-of-use (TOCTOU) flaw in the service opener of Fusion, VMRC and Horizon Client that can be locally exploited to escalate privileges to root. Officially designated CVE-2020-3957, the bug was assigned a CVSSv3 base score of…

‘Sandworm Team’ hackers from Russia are exploiting Exim, warns NSA

The U.S. National Security Agency on Thursday issued an advisory alleging that hackers from Russia’s Main Intelligence Directorate (GRU) have been actively exploiting a remote code execution vulnerability in Exim Mail Transfer Agent (MTA) software, found in Unix-based systems. Researchers and analysts reacting to the agency’s warning say the announcement is an important reminder that…

StrandHogg 2.0 bug enables Android app hijacking, poses patching challenge

A critical elevation-of-privilege vulnerability found in Android devices could potentially be exploited, without root access or user permission, to hijack virtually all mobile apps in order to spy on individuals or steal their login credentials. Google has developed a security patch for Android versions 8, 8.1 and 9 — alerting its partners of the update…

Patch round-up: Cisco repairs RCE bug; notable fixes from VMware, Google, Adobe

Cisco Systems on Wednesday fixed a critical remote code execution vulnerability in its Unified Contact Center Express solution — one of a flurry of patches and bug disclosures announced this week by tech giants such as Microsoft, Apple and Google. Found in Unified CCX’s Java Remote Management Interface, the critical Cisco flaw — with a CVSS…
