All posts in patch

Apple patches dangerous security holes, one in active use – update now!

by Paul Ducklin

We’ve seen several news stories talking up some great new features in Apple’s latest software update for iOS, which was released yesterday. However, we’re much more interested in the security patches that arrived in the update to iOS 14.6, because Apple fixed 38 significant bugs, covered by . . . Read more

Firefox 88 patches bugs and kills off a sneaky JavaScript tracking trick

by Paul Ducklin

Over the past two months or so, Mozilla’s Firefox browser has had a lot less media attention than Google’s Chrome and Chromium projects… …but Mozilla probably isn’t complaining this time, given that the last three mainstream releases of Chrome have included security patches for zero-day security holes. . . . Read more

Another Chrome zero-day exploit – so get that update done!

by Paul Ducklin

Almost exactly a month ago, or a couple of days under an average month given that February was the short one, we warned of a zero-day bug in Google’s Chromium browser code. Patch now, we said. And we’re saying it again, following Google’s otherwise cheery release of . . . Read more

Apple critical patches fix in-the-wild iPhone exploits – update now!

by Paul Ducklin

Apple, rather unusually in today’s cybersecurity world, rarely announces that security fixes are on the way. There’s no equivalent of Microsoft’s Patch Tuesday, which is a regular and predictable fixture in anyone’s cybersecurity calendar; there’s no “new version every fourth Tuesday” as there is with Firefox; there’s . . . Read more

‘Amnesia:33’ TCP/IP Flaws Affect Millions of IoT Devices

A new set of vulnerabilities has been discovered affecting millions of routers and IoT and OT devices from more than 150 vendors, new research warns. Researchers – as well as the U.S. Cybersecurity Infrastructure Security Agency (CISA) – are warning of a set of serious vulnerabilities affecting TCP/IP stacks. The . . . Read more

QNAP High-Severity Flaws Plague NAS Systems

The high-severity cross-site scripting flaws could allow remote-code injection on QNAP NAS systems. QNAP Systems is warning of high-severity flaws that plague its top-selling network attached storage (NAS) devices. If exploited, the most severe of the flaws could allow attackers to remotely take over NAS devices. NAS devices are systems . . . Read more

VMware Rolls a Fix for Formerly Critical Zero-Day Bug

VMware has issued a full patch and revised the severity level of the NSA-reported vulnerability to “important.” VMware has patched a zero-day bug that was disclosed in late November – an escalation-of-privileges flaw that impacts Workspace One and other platforms, for both Windows and Linux operating systems. VMware has also . . . Read more

GO SMS Pro Android App Exposes Private Photos, Videos and Messages

The vulnerable version of the app, which has 100 million users, uses easily predictable URLs to link to private content. A security weakness discovered in the GO SMS Pro Android app can be exploited to publicly expose media sent using the app, according to researchers. The GO SMS Pro application . . . Read more

Cisco Patches Critical Flaw After PoC Exploit Code Release

A critical path-traversal flaw (CVE-2020-27130) exists in Cisco Security Manager that lays bare sensitive information to remote, unauthenticated attackers. A day after proof-of-concept (PoC) exploit code was published for a critical flaw in Cisco Security Manager, Cisco has hurried out a patch. Cisco Security Manager is an end-to-end security management . . . Read more