Patch News, Articles and Updates

Mozilla patches heap buffer overflow in Firefox browsers

The Mozilla Foundation Security has released an advisory to patch critical vulnerabilities in Firefox and Firefox ESR products which could allow a remote attacker to take control of an affected system.

Sierra Wireless patches router vulnerabilities

Sierra Wireless patched two vulnerabilities in several of its AirLink routers that if exploited could allow the execution of arbitrary code or gain full control of a system.

Adobe Patch Tuesday update fixes confusion flaw in Flash

A patch released Tuesday by Adobe fixes a critical confusion vulnerability, CVE-2018-4944, found in all Flash Player versions up to 29.0.0.140.

Drupal releases patch for a code-execution bug actively being exploited

Drupal announced its third critical website bug found in the last month and has issued an unscheduled security update to patch a code-execution bug that is being actively exploited in the wild.

Juniper patched multiple vulnerabilities

Juniper Networks released more than a dozen security updates to patch a wide range of issues including two denial-of-service vulnerabilities and one for remote code execution.

Microsoft pushes update for critical RCE bug in Malware Protection Engine

Microsoft Corporation on Tuesday announced an emergency patch for a memory corruption vulnerability in its Microsoft Malware Protection Engine (MMPE) that remote attackers can exploit to execute arbitrary code.

Despite poor IT visibility, HR apps are the most highly used cloud services

Despite a lack of appropriate visibility and control measures in place, cloud-based HR applications are now the most highly used cloud applications across organisations, with 139 such apps being used by organisations on average.

Drupal 7 and 8 patch multiple critical vulnerabilities

Drupal patched multiple vulnerabilities in both Drupal 7 and Drupal 8 including a comment reply form flaw that allows access to restricted content and an incomplete JavaScript cross-site scripting prevention flaw, both rated critical.

Apple patches 'Text Bomb' bug that causes system crashes

Apple just released a patch to fix its crash bug that allowed specially crafted messages to disable access to iMessage and other messaging apps.

Massive code rewrite may be required to patch Skype vulnerability

Skype is reportedly refusing to patch a security vulnerability in its updater process which could allow an attacker to gain system level privileges on a vulnerable computer.

Linux systems can still be hacked via USB sticks

Organisations need to apply patch to prevent malicious code execution from USB flash drives. Linux systems could be a risk from malware on USB memory sticks, according to security researchers.

Microsoft Patch Tuesday: Nearly 50 patches, most for privilege escalation

Microsoft patched nearly 50 vulnerabilities this month, including patches for an Adobe Flash Player zero-day vulnerability that was announced earlier this month.

Amazon issues security patch for Key after researcher claims hack

Amazon is issuing a security patch for its "Key"services shortly after a researcher posted a video demonstration of them claiming to hack the Amazon device using a Raspberry Pi.

All versions' of Windows vulnerable to tweaked Shadow Broker NSA exploits

NSA exploits stolen by hacker Shadow Brokers can be tweaked to exploit vulnerabilities in all versions of Windows, including Windows 10 - so deploy the MS17-010 security update from Microsoft as soon as possible.

Flash Player zero-day attacks attributed to advancing North Korean APT

Researchers are reporting that an increasingly sophisticated North Korean hacking group is responsible for an attack campaign exploiting CVE-2018-4878, a critical use-after-free flaw in Flash Player that has not yet been patched.

Mozilla patches unsanitised output flaw in Firefox

Mozilla patched an unsanitised output flaw in its Firefox browser user interface that could lead to arbitrary code execution.

Monero crypto miner leveraging Apache Struts vulnerability

Cryptocurrency miners have begun using two older and already patched vulnerabilities to compromise servers to mine the Monero digital currency.

Intel advises companies to stop

Intel is recommending that vendors and end users stop deploying the current version of its patch designed to fix the Spectre/Meltdown vulnerabilities that were discovered in most of the company's processors.

Lenovo patches 14-year-old vulnerability

Lenovo released a patch for a vulnerability introduced 14 years ago via a firmware update by the now-defunct Nortel Networks and its blade server and switch business unit.

Microsoft halts Spectre/Meltdown patch roll out after AMD BSoD issues

Microsoft is having a different type of Patch Tuesday, instead of simply pushing out security updates the company is dealing with several new issues surrounding the patches it released last week to mitigate Spectre/Meltdown issues.

Patch Tuesday: Adobe issues lone patch for Flash Player

The first patch Tuesday of 2018 has Adobe issuing its first patch for the new year, a lone entry for Flash Player rated as "important".

Apple issues Spectre patches for macOS High Sierra, Safari and iOS

Apple followed up on its promise last week and rolled out updates for macOS High Sierra, Safari and iOS to patch the Spectre vulnerabilities CVE-2017-5753 and CVE-2017-5715 in Intel's processor family.

Malicious websites steal from vulnerable Electrum cryptocurrency wallets

The popular Bitcoin client Electrum has developed a patch for a critical vulnerability that allows malicious websites to steal from digital wallets that are not password-protected.

Apple release security updates shortly after releasing another KRACK fix

Apple released security updates for its mobiles, set top box and Window's iCloud platform shortly after rolling out another patch for the KRACK exploits.

TLS exploit capitalises on 19-year-old vulnerability; vendors issue patch

Researchers recently discovered that a nearly two-decade-old vulnerability in TLS stacks was still exploitable due to insufficient protective counter-measures some used by highly popular websites.

Update: TeamViewer releases emergency patch for permissions flaw

TeamViewer has rushed out an emergency patch to fix a security flaw that could allow hackers to take over other machines during an active session.

Apple releases security updates for multiple products

Apple released security updates to patch vulnerabilities in its iOS, mac OS, tvOS and watchOS platforms, some of which could have been used to remotely exploit the affected devices.

Researchers call bull on Dirty Cow Patch, find flaw

Bindecy security researchers identified a flaw in the original patch code of the Dirty Cow vulnerability which could ultimately lead to a privilege escalation attack.

Discount deception: AliExpress patches fake coupon vulnerability

Online retailer AliExpress fixed an open redirect vulnerability in its online shopping portal last October that could have been exploited to display a fake coupon designed to phish sensitive information from those who viewed it.

Adobe Patch Tuesday: 62 vulnerabilities for Acrobat, 5 critical for Flash

Adobe's November Patch Tuesday included 83 patches, including fixes for five critical-rated issues in Flash Player. Reader and Acrobat, by themselves, generated more than five dozen CVEs.