Bug News, Articles and Updates

PDF exploit built to combine zero-day Windows and Adobe Reader bugs

A privilege escalation vulnerability patched last week in Microsoft Windows and an Adobe Reader remote code execution bug fixed in a product update were jointly targeted by a PDF-based zero-day exploit.

Confusion over chipmakers' debug exception instructions prompts patching

Multiple major operating systems and hypervisors contain a serious CPU chipset bug that could allow authenticated attackers to elevate privileges, read sensitive data in memory, and control certain low-level functions.

Microsoft fixes critical RCE bug in hcsshim library

Last week Microsoft Corporation updated its Windows Host Compute Service Shim (hcsshim) library to correct a critical remote code execution bug caused by improper input validation when importing a container image.

Drupal releases patch for a code-execution bug actively being exploited

Drupal announced its third critical website bug found in the last month and has issued an unscheduled security update to patch a code-execution bug that is being actively exploited in the wild.

Pwn2Own competition flushes out five Apple bugs, four Microsoft flaws

Independent researchers collected £190,000 in bug purchases this week at the annual Pwn2Own contest at CanSecWest in Vancouver.

If ransom paid in Bitcoin Cash don't expect to get files back

A new ransomware attack called Thanatos, which demands payment in Bitcoin Cash, contains a decryption bug that makes it impossible for attack victims to recover stolen files, reports security researcher MalwareHunterTeam.

Private chats and user accounts could be exposed by Tinder security bug

An easy-to-exploit bug has left Tinder accounts and private chats exposed to hackers, revealed a researcher this week.

Apple patches 'Text Bomb' bug that causes system crashes

Apple just released a patch to fix its crash bug that allowed specially crafted messages to disable access to iMessage and other messaging apps.

Malicious 'ChaiOS' link can crash Apple devices

A quirky bug in Apple's Messages application is allowing a malicious GitHub link to cause crashes and other bothersome behaviour on both macOS and iOS machines.

Major Intel CPU flaw OS-independent; fix could degrade performance

A reported chip flaw in Intel processors that has existed at least for the last 10 years allows software programs to access content in kernel memory and patching the bug.

TLS implementation bug put millions at risk

A critical security bug put millions of banking app users at risk, according to researchers from the University of Birmingham.

Linux kernel bug enabled privilege escalation - fixed after 2 years

A Linux kernel security bug that could have led to privilege escalation was fixed after two years, as it turned out to be worse than first thought.

Flaw in LinkedIn Messenger could harbour malware

Millions could have been exposed to a malware bug in LinkedIn Messenger.

Crippling bug in Linux crashes system with a single tweet

A bug in Linux has been discovered that could allow a hacker to crash a system with just 48 characters of code.

Twitter catches 24-hour bug: Brief password glitch potentially exposes user info

Twitter's password recovery systems briefly contained a bug that potentially exposed the email addresses and phone numbers of about 10,000 active account-holders.

Firefox zero-days exposed by attack on privileged account

An attacker compromised a privileged account on Mozilla's Bugzilla bug tracker tool and used the gleaned information to exploit a critical bug.