RCE Archives - IT LinesIT Lines

Popular JWT cloud security library patches “remote” code execution hole

10 Jan, 2023 Cryptography, JSON, jsonwebtoken, JWT, RCE, Security News, Vulnerability 0 Comments 0

It’s remotely triggerable, but attackers would already have pretty deep network access if they could “prime” your server for compromise.

Apple patches 87 security holes – from iPhones and Macs to Windows

15 Mar, 2022 Apple, cve, Exploit, iOS, OS-X, patch, Privacy, RCE, Security News, Vulnerability, Windows 0 Comments 0

Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows.

Apple patches Safari data leak (oh, and a zero-day) – patch now!

27 Jan, 2022 Apple, Exploit, iOS, iPhone, macOS, OS-X, patch, Privacy, RCE, Security News, Vulnerability 0 Comments 0

That infamous “supercookie” bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.

“Log4Shell” Java vulnerability – how to safeguard your servers

10 Dec, 2021 Apache, CVE-2021-44248, Exploit, Java, Log4Shell, LOGJAM, RCE, Security News, Vulnerability 0 Comments 0

Just when you thought it was safe to relax for the weekend… a critical bug showed up in Apache’s Log4j product

VMware patch bulletin warns: “This needs your immediate attention.”

22 Sep, 2021 RCE, Security News, vCenter, vmware, Vulnerability 0 Comments 0

“It is a matter of time before working exploits are available,” warns VMware.

OMIGOD, an exploitable hole in Microsoft open source code!

16 Sep, 2021 CVE-2021-38647, Exploit, Linux, Microsoft, OMI, OMIGOD, RCE, Security News, Vulnerability, Wiz, WMI 0 Comments 0

Got Linux? Here’s a bug you weren’t expecting, in software you might not know you have.

IoT bug report claims “at least 100M devices” may be impacted

13 Apr, 2021 DoS, Exploit, freebsd, podcast, RCE, Security News, Vulnerability 0 Comments 0

by Paul Ducklin Here’s another BWAIN, which is our shorthand for Bug With An Impressive Name. That’s the abbreviation we use for bugs that end up with names, logos and even dedicated websites that are catchy, cool, fancy, important or dramatic, and sometimes even all of these at the same . . . Read more

Patch now to stop hackers blindly crashing your Windows computers

10 Feb, 2021 #, Exploit, Microsoft, patch tuesday, RCE, Security News, Vulnerability, Windows 0 Comments 0

by Paul Ducklin As you know, our usual advice for Patch Tuesday boils down to four words, “Patch early, patch often.” There were 56 newly-reported vulnerabilities fixed in this month’s patches from Microsoft, with four of them offering attackers the chance of finding remote code execution (RCE) exploits. Remote code . . . Read more

GnuPG crypto library can be pwned during decryption – patch now!

31 Jan, 2021 Cryptography, Exploit, GNU Privacy Guard, GnuPG, GPG, ormandy, RCE, Security News, Vulnerability 0 Comments 0

by Paul Ducklin Bug hunter Tavis Ormandy of Google’s Project Zero just discovered a dangerous bug in the GNU Privacy Guard team’s libgcrypt encryption software. The libgcrypt library is an open-source toolkit that anyone can use, but it’s probably best known as the encryption library used by the GNU Privacy . . . Read more

Apple critical patches fix in-the-wild iPhone exploits – update now!

27 Jan, 2021 Apple, Exploit, hack, iOS, iPhone, patch, RCE, Security News, Vulnerability 0 Comments 0

by Paul Ducklin Apple, rather unusually in today’s cybersecurity world, rarely announces that security fixes are on the way. There’s no equivalent of Microsoft’s Patch Tuesday, which is a regular and predictable fixture in anyone’s cybersecurity calendar; there’s no “new version every fourth Tuesday” as there is with Firefox; there’s . . . Read more

What's Your IT Question?

All posts in RCE