Patch News, Articles and Updates

Apple release security updates shortly after releasing another KRACK fix

Apple released security updates for its mobiles, set top box and Window's iCloud platform shortly after rolling out another patch for the KRACK exploits.

TLS exploit capitalises on 19-year-old vulnerability; vendors issue patch

Researchers recently discovered that a nearly two-decade-old vulnerability in TLS stacks was still exploitable due to insufficient protective counter-measures some used by highly popular websites.

Update: TeamViewer releases emergency patch for permissions flaw

TeamViewer has rushed out an emergency patch to fix a security flaw that could allow hackers to take over other machines during an active session.

Apple releases security updates for multiple products

Apple released security updates to patch vulnerabilities in its iOS, mac OS, tvOS and watchOS platforms, some of which could have been used to remotely exploit the affected devices.

Researchers call bull on Dirty Cow Patch, find flaw

Bindecy security researchers identified a flaw in the original patch code of the Dirty Cow vulnerability which could ultimately lead to a privilege escalation attack.

Discount deception: AliExpress patches fake coupon vulnerability

Online retailer AliExpress fixed an open redirect vulnerability in its online shopping portal last October that could have been exploited to display a fake coupon designed to phish sensitive information from those who viewed it.

Adobe Patch Tuesday: 62 vulnerabilities for Acrobat, 5 critical for Flash

Adobe's November Patch Tuesday included 83 patches, including fixes for five critical-rated issues in Flash Player. Reader and Acrobat, by themselves, generated more than five dozen CVEs.

iOS 11 and Apple Watch Series 3, the good, the bad, and the unsecure

With the launch of iOS 11 and the Apple Watch, researchers note Apple's iOS 11 update included eight CVEs that patched vulnerabilities in iBooks, Mail MessageUI, Messages, MobileBackup, Safari, and Webkit.

Automate patch management to keep your IT infrastructure top-notch

With cyber-crime on the increase, Mathivanan V says it's never been more important for organisations to keep their IT infrastructure updated.

Iceni Argus patches six remote code execution bugs

Cisco Talos research team has spotted multiple remote code execution vulnerabilities in the Iceni Argus PDF content extraction product.

80% of IT pros have implemented a patch policy to enhance security

Eighty percent of IT professionals have implemented a patch policy to enhance their organisation's security.

Microsoft update left Azure Linux virtual machines open to hacking

Microsoft patches configuration hole that allowed hackers to upload software packages to its Azure update infrastructure.

Emergency patch for critical Adobe Flash zero-day

Another critical zero day hits Adobe Flash and helps install ransomware - patch released.

Three versions of Internet Explorer reach end of life cycle

Microsoft has released the final patch for Internet Explorer 8, 9 and 10 today along with an "End of Life" notice, to encourage users to switch to Internet Explorer 11 and Microsoft Edge, currently only available on Windows 10.

Patch madness! 273 vulnerabilities from four vendors in one week

When it comes to fixing vulnerabilities, this week will be hard to beat with just four vendors issuing a total of 273 patches. The big question is does that mean we are getting more, or less, secure?

Adobe Shockwave Player update addresses critical vulnerability

Adobe on Tuesday released a security update for Shockwave Player that addresses a critical memory corruption vulnerability.

Seagate patches vulnerabilities in wireless HDs

Seagate has released updates to several vulnerabilities affecting the company's wireless storage devices.

Newly-patched IE bug used in cyber-attack on Hong Kong church

Researchers have discovered a patch for a critical bug in Internet Explorer (IE) being used in semi-targeted attacks on visitors to a Hong Kong church.

Adobe patches flaw in LiveCycle Data Services

Adobe released a hotfix for LiveCycle Data Services, patching a vulnerability that could result in information being disclosed.

Microsoft forced to release out-of-band patch to fix IE

Internet Explorer vulnerability could allow hackers to take control of victim's PC

OpenSSL patches and releases new versions

The OpenSSL Project released OpenSSL 1.0.2b, 1.0.1n, 1.0.0s and 9.9.8zg, which patched five security issues, including the Logjam vulnerability.

Millions of WordPress sites open to attack

WordPress rushes out security update to fix flaw

Critical patch for flaw hitting all MS versions

This vulnerability, if left unpatched, affects every flavour of Windows utilising the IIS services version 6+ to support web sites.