Patches News, Articles and Updates

Apple addresses KRACK exploits in AirPort Base Station firmware

Apple has continued to roll out patches to fix the KRACK (Key Reinstallation AttaCKs) series of vulnerabilities, this time in its AirPort Base Station firmware.

Google patches 37 security issues in Chrome

Google issued patches for 37 security issues in Chrome, one rated critical and six considered high risk, with the release of Chrome 63.0.3239.84.

Cisco patches multiple vulnerabilities in WebEx platforms

Cisco released patches for multiple vulnerabilities in its WebEx Recording Format and Advanced Recording Format Players.

Google updates Chrome with 15 patches

Google reported it has updated Chrome to version 51.0.2704.79 for Windows, Mac, and Linux with a total of 15 security fixes, including two high and five medium threats.

Google seeks to phase out Flash on Chrome by year-end

Google plans to begin phasing out support for Adobe's Flash Player by the end of this year, the search company announced on a Chromium forum.

PC users improve software patching yet challenges remain

UK PC users are making progress when it comes to patching software vulnerabilities, but big challenges still remain.

Reflected XSS vuln found on Fortinet login page

A reflected cross-site scripting (RXSS) vulnerability that let attackers log users' passwords in cleartext was found on Fortinet's login page.

Cisco patches critical IKE vulnerability of ASA firewalls

Cisco released a patch for a critical security vulnerability affecting the Internet Key Exchange of ASA software, the operating system that runs its Adaptive Security Appliance security devices.

Magento issues fixes for 20 vulnerabilities, two rated critical

E-commerce content management provider Magento issued several patches to fix XSS vulnerabilities that could have allowed malicious JavaScript code to be injected into the company's online ordering form, allowing the system to be taken over remotely.

Dropbear SSH daemon doesn't authenticate users

A critical authentication bug has been discovered in Advantech's EKI series of Modbus-to-TCP/IP gateways.

Adobe issues new batch of patches

Another emergency patch to guard against exploits in the wild

Vulnerabilities found in common web apps

Vulnerabilities have been identified in a few web applications in the e-commerce/shopping cart application osCmax, osCommerce's Online Merchant, Roundcube, Osclass, and SocialEngine.

SC Congress Chicago: New vulnerabilities, new threats stress old security models

When it comes to what security professionals need to do to protect their organisations, not much has changed in a couple of decades, though perimeters have all but dissolved and the timeframe for taking action has become more compressed, according to members of a Tuesday panel at SC Congress in Chicago.

Protecting against Android's Stagefright exploit

Stagefright, found in Android, allows an attacker to run arbitrary code with media or system permissions.

Adobe updates Flash Player and AIR, fixes 35 bugs

Adobe's Flash Player and AIR updates fix 35 bugs, the majority of which could lead to code execution.