What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in patch

Another Chrome zero-day exploit – so get that update done!

by Paul Ducklin Almost exactly a month ago, or a couple of days under an average month given that February was the short one, we warned of a zero-day bug in Google’s Chromium browser code. Patch now, we said. And we’re saying it again, following Google’s otherwise cheery release of . . . Read more

Apple critical patches fix in-the-wild iPhone exploits – update now!

by Paul Ducklin Apple, rather unusually in today’s cybersecurity world, rarely announces that security fixes are on the way. There’s no equivalent of Microsoft’s Patch Tuesday, which is a regular and predictable fixture in anyone’s cybersecurity calendar; there’s no “new version every fourth Tuesday” as there is with Firefox; there’s . . . Read more

‘Amnesia:33’ TCP/IP Flaws Affect Millions of IoT Devices

A new set of vulnerabilities has been discovered affecting millions of routers and IoT and OT devices from more than 150 vendors, new research warns. Researchers – as well as the U.S. Cybersecurity Infrastructure Security Agency (CISA) – are warning of a set of serious vulnerabilities affecting TCP/IP stacks. The . . . Read more

QNAP High-Severity Flaws Plague NAS Systems

The high-severity cross-site scripting flaws could allow remote-code injection on QNAP NAS systems. QNAP Systems is warning of high-severity flaws that plague its top-selling network attached storage (NAS) devices. If exploited, the most severe of the flaws could allow attackers  to remotely take over NAS devices. NAS devices are systems . . . Read more

VMware Rolls a Fix for Formerly Critical Zero-Day Bug

VMware has issued a full patch and revised the severity level of the NSA-reported vulnerability to “important.” VMware has patched a zero-day bug that was disclosed in late November – an escalation-of-privileges flaw that impacts Workspace One and other platforms, for both Windows and Linux operating systems. VMware has also . . . Read more

GO SMS Pro Android App Exposes Private Photos, Videos and Messages

The vulnerable version of the app, which has 100 million users, uses easily predictable URLs to link to private content. A security weakness discovered in the GO SMS Pro Android app can be exploited to publicly expose media sent using the app, according to researchers. The GO SMS Pro application . . . Read more

Cisco Patches Critical Flaw After PoC Exploit Code Release

A critical path-traversal flaw (CVE-2020-27130) exists in Cisco Security Manager that lays bare sensitive information to remote, unauthenticated attackers. A day after proof-of-concept (PoC) exploit code was published for a critical flaw in Cisco Security Manager, Cisco has hurried out a patch. Cisco Security Manager is an end-to-end security management . . . Read more

2 More Google Chrome Zero-Days Under Active Exploitation

Browser users are once again being asked to patch severe vulnerabilities that can lead to remote code execution. Google is asking Chrome desktop users to prepare to update their browsers once again as two more zero-day vulnerabilities have been identified in the software. Both allow an unauthenticated, remote attacker to . . . Read more

High-Severity Cisco DoS Flaw Can Immobilize ASR Routers

The flaw stems from an issue with the ingress packet processing function of Cisco IOS XR software. A high-severity flaw in Cisco’s IOS XR software could allow unauthenticated, remote attackers to cripple Cisco Aggregation Services Routers (ASR). The flaw stems from Cisco IOS XR, a train of Cisco Systems’ widely . . . Read more