Patches News, Articles and Updates

Flawed code-signing process could let malware appear as Apple-approved

Developers & vendors of numerous third-party security, forensics & incident response products for Mac computers have started issuing patches after researchers realised their software wasn't interacting with Apple's code-signing API.

Latest batch of Cisco updates patches 28 bugs, two critical

Cisco Systems has issued 28 security updates that patch vulnerabilities found in a variety of products, including two critical bugs that were assigned a CVSS (Common Vulnerability Scoring System) base score of 9.8.

Patch Tuesday: Microsoft patches Remote Desktop Protocol exploit

This month's Microsoft Patch Tuesday included more than 70 patches, 15 of which were marked as critical, and one for a flaw that could be used to exploit authentication in Microsoft Remote Desktop Protocol.

Recently patched Flash vulnerability spotted in massive malspam campaign

A recently patched Flash Player flaw was exploited in a widespread malicious spam campaign primarily targeting South Koreans.

Mobile ransomware & banking malware thrive as hackers put focus on mobile

Security patches introduced by Apple and Google reduced instances of jailbreaking and minimised firmware flaws, but the use of mobile ransomware, banking malware, and malicious apps by cyber-criminals shot through the roof in 2017.

uTorrent apps vulnerable to remote code execution, information disclosure

The developer of uTorrent for Windows and uTorrent Web has been scrambling to issue patched versions of the BitTorrent-based peer-to-peer file-sharing apps.

Cisco updates router firmware to prevent remote code execution, DoS attacks

Cisco Systems on Wednesday issued 20 security updates, notably patching a critical vulnerability in two router products that could result in remote code execution or a denial of service condition.

Cisco patches ASA software flaw allowing VPN hacks

Cisco's latest security update patches an Adaptive Security Appliance (ASA) software vulnerability that could allow an attacker to gain complete control of an affected system.

Survey: Most security pros aim to patch vulnerabilities within 30 days

High-profile cyber-security incidents continue to occur because companies fail to apply patches for known vulnerabilities, according to Tripwire research.

VMware repairs three critical bugs in vSphere Data Protection

VMware issued patches on Wednesday for a trio of critical vulnerabilities in its vSphere Data Protection backup and recovery solution. The problem was found in versions 6.1.x, 6.0.x, and 5.x, and repaired in versions 6.1.6 and 6.0.7.

Apple addresses KRACK exploits in AirPort Base Station firmware

Apple has continued to roll out patches to fix the KRACK (Key Reinstallation AttaCKs) series of vulnerabilities, this time in its AirPort Base Station firmware.

Google patches 37 security issues in Chrome

Google issued patches for 37 security issues in Chrome, with one being rated critical and six considered high risks, with the release of Chrome 63.0.3239.84.

Cisco patches multiple vulnerabilities in WebEx platforms

Cisco released patches for multiple vulnerabilities in its WebEx Recording Format and Advanced Recording Format Players.

Google updates Chrome with 15 patches

Google reported it has updated Chrome to version 51.0.2704.79 for Windows, Mac, and Linux with a total of 15 security fixes, including patches for two high and five medium threats.

Google seeks to phase out Flash on Chrome by year-end

Google plans to begin phasing out support for Adobe's Flash Player by the end of this year, the search company announced on a Chromium forum.

PC users improve software patching yet challenges remain

UK PC users are making progress when it comes to patching software vulnerabilities, but big challenges still remain.

Reflected XSS vuln found on Fortinet login page

A reflected cross-site scripting (RXSS) vulnerability that let attackers log users' passwords in cleartext was found on Fortinet's login page.

Cisco patches critical IKE vulnerability of ASA firewalls

Cisco released a patch for a critical security vulnerability affecting the Internet Key Exchange of ASA software, the operating system that runs its Adaptive Security Appliance security devices.

Magento issues fixes for 20 vulnerabilities, two rated critical

E-commerce content management provider Magento issued several patches to fix XSS vulnerabilities that could have injected malicious JavaScript code into the company's online ordering form, allowing the system to be taken over remotely.

Dropbear SSH daemon doesn't authenticate users

A critical authentication bug has been discovered in Advantech's EKI series of Modbus-to-TCP/IP gateways.

Adobe issues new batch of patches

Another emergency patch to guard against exploits in the wild

Vulnerabilities found in common web apps

Vulnerabilities have been identified in a few web applications: the e-commerce/shopping cart application osCmax, osCommerce's Online Merchant, Roundcube, Osclass, and SocialEngine.

SC Congress Chicago: New vulnerabilities, new threats stress old security models

When it comes to what security professionals need to do to protect their organisations, not much has changed in a couple of decades, though perimeters have all but dissolved and the timeframe for taking action has become more compressed, according to members of a Tuesday panel at SC Congress in Chicago.

Protecting against Android's Stagefright exploit

The Stagefright vulnerability found in Android allows an attacker to run arbitrary code with media or system permissions.

Adobe updates Flash Player and AIR, fixes 35 bugs

Adobe's Flash Player and AIR updates fix 35 bugs, the majority of which could lead to code execution.