What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in zero day

Apple emergency zero-day fix for iPhones and Macs – get it now!

by Paul Ducklin You might be forgiven for thinking that July 2021 was Microsoft’s month for cybersecurity vulnerabilities. First there was PrintNightmare in several guises, followed by HiveNightmare (an entirely unrelated bug that nevertheless attracted the “Nightmare” moniker), followed by PetitPotam (which went down the cute aquatic mammal naming path). . . . Read more

PrintNightmare, the zero-day hole in Windows: here’s what to do

by Paul Ducklin There’s a critical Windows bug out there that’s not only known by three different names, but also listed variously as having three different severities. The first name you will see is the official MITRE identifier CVE-2021-1675, fixed in the Microsoft June 2020 Patch Tuesday update that was . . . Read more

Chrome zero-day, hot on the heels of Microsoft’s IE zero-day. Patch now!

by Paul Ducklin Microsoft’s Patch Tuesday announcement was bad enough, with six in-the-wild vulnerabilities patched, including one buried in the vestiges of Internet Explorer’s MSHTML web rendering code… …and it’s been followed by Google’s latest Chrome security advisory, which includes a zero-day patch (CVE-2021-30551) to Chrome’s JavaScript engine amongst its . . . Read more

Apple patches dangerous security holes, one in active use – update now!

by Paul Ducklin We’ve seen several news stories talking up some great new features in Apple’s latest software update for iOS, which was released yesterday. However, we’re much more interested in the security patches that arrived in the update to iOS 14.6, because Apple fixed 38 significant bugs, covered by . . . Read more

S3 Ep31: Apple zero-days, Flubot scammers and PHP supply chain bug [Podcast]

by Paul Ducklin We look into Apple’s recent emergency updates that closed off four in-the-wild browser bugs. We explain how the infamous “Flubot” home delivery scam works and how to stop it. We investigate a recent security bug that threatened the PHP ecosystem. With Doug Aamoth and Paul Ducklin. Intro . . . Read more

Apple products hit by fourfecta of zero-day exploits – patch now!

by Paul Ducklin It’s only a week since Apple’s last product updates, but it’s already time to update again. As you probably know, Apple, unusually amongst major operating system and application producers, doesn’t have any sort of predictable schedule for its security patches. Unlike vendors such as Microsoft (monthly), Google . . . Read more

Firefox 88 patches bugs and kills off a sneaky JavaScript tracking trick

by Paul Ducklin Over the past two months or so, Mozilla’s Firefox browser has had a lot less media attention than Google’s Chrome and Chromium projects… …but Mozilla probably isn’t complaining this time, given that the last three mainstream releases of Chrome have included security patches for zero-day security holes. . . . Read more

S3 Ep23: Hafnium happenings, I see you, and Pythonic poison [Podcast]

by Paul Ducklin Getting to grips with the HAFNIUM gang/vulnerabilities/exploits/webshells/attacks. Why it’s important to think before you share those home-based selfies. What you need to know about social engineering. How (not!) to prove a point when you’re a programmer. With Kimberly Truong and Paul Ducklin. Intro and outro music by . . . Read more

Another Chrome zero-day exploit – so get that update done!

by Paul Ducklin Almost exactly a month ago, or a couple of days under an average month given that February was the short one, we warned of a zero-day bug in Google’s Chromium browser code. Patch now, we said. And we’re saying it again, following Google’s otherwise cheery release of . . . Read more