Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability – Tempemail

A day after Apple and Google rolled out urgent security updates, Microsoft has pushed software fixes as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including an actively exploited zero-day in its Continue Reading

Apple Issues Urgent Updates to Fix New Zero-Day Linked to Pegasus Spyware – Tempemail

Apple has released iOS 14.8, iPadOS 14.8, watchOS 7.6.2, macOS Big Sur 11.6, and Safari 14.1.2 to fix two actively exploited vulnerabilities, one of which defeated extra security protections built into the operating system. The list of two flaws is as follows – CVE-2021-30858 (WebKit) – A use after free Continue Reading

Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack – Tempemail

Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild. Tracked as CVE-2021-30632 and CVE-2021-30633, the vulnerabilities concern an out of bounds write in V8 JavaScript engine and a use Continue Reading

Bahraini Activists Targeted Using a New iPhone Zero-Day Exploit From NSO Group – Tempemail

A previously undisclosed “zero-click” exploit in Apple’s iMessage was abused by Israeli surveillance vendor NSO Group to circumvent iOS security protections and target nine Bahraini activists. “The hacked activists included three members of Waad (a secular Bahraini political society), three members of the Bahrain Center for Human Rights, two exiled Continue Reading

China’s New Law Requires Researchers to Report All Zero-Day Bugs to Government – Tempemail

The Cyberspace Administration of China (CAC) has issued new stricter vulnerability disclosures regulations that mandate security researchers uncovering critical flaws in computer systems to mandatorily disclose them first-hand to the government authorities within two days of filing a report. The “Regulations on the Management of Network Product Security Vulnerability” are Continue Reading

Update Your Chrome Browser to Patch New Zero‑Day Bug Exploited in the Wild – Tempemail

Google has pushed out a new security update to Chrome browser for Windows, Mac, and Linux with multiple fixes, including a zero-day that it says is being exploited in the wild. The latest patch resolves a total of eight issues, one of which concerns a type confusion issue in its Continue Reading

Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild – Tempemail

Threat intelligence researchers from Google on Wednesday shed more light on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year. What’s more, three of the four zero-days were engineered by commercial providers and sold Continue Reading

A New Critical SolarWinds Zero-Day Vulnerability Under Active Attack – Tempemail

SolarWinds, the Texas-based company that became the epicenter of a massive supply chain attack late last year, has issued patches to contain a remote code execution flaw in its Serv-U managed file transfer service. The fixes, which target Serv-U Managed File Transfer and Serv-U Secure FTP products, arrive after Microsoft Continue Reading

Apple Issues Urgent Patches for 2 Zero-Day Flaws Exploited in the Wild – Tempemail

Apple on Monday shipped out-of-band security patches to address two zero-day vulnerabilities in iOS 12.5.3 that it says are being actively exploited in the wild. The latest update, iOS 12.5.4, comes with three security fixes, including a memory corruption issue in the ASN.1 decoder (CVE-2021-30737) and two flaws concerning the Continue Reading

Update Your Windows Computers to Patch 6 New In-the-Wind Zero-Day Bugs – Tempemail

Microsoft on Tuesday released another round of security updates for Windows operating systems and other supported software, squashing 50 vulnerabilities, including 6 zero-days that are said to be under active attack. The flaws were identified and resolved in Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based Continue Reading