Security Patches News, Articles and Updates

WordPress update fixes XSS issues

Bloggers using the WordPress platform are "strongly encouraged" to update their sites immediately to address persistent XSS issues.

Adobe issued hotfix for critical information disclosure vulnerability in ColdFusion

Adobe has released security hotfixes for a critical information disclosure vulnerability that exists in ColdFusion versions 10 and 11, across all platforms.

Cisco updates advisory: "We have started publishing fixes" for NSA-linked exploits

Cisco updated a security advisory for a remote code execution vulnerability affecting the SNMP application-layer protocol.

Cisco flags five product vulnerabilities that could trigger denial of service

Cisco issued five security alerts last week and released software updates to patch a series of vulnerabilities, any of which could potentially trigger a denial of service condition.

Google patches Chrome 49 vulnerabilities

Google released a patch for vulnerabilities affecting the latest version of Chrome for Windows, Mac, and Linux, including several high-risk issues.

Silverlight exploit now used in Angler Exploit Kit

As Kaspersky Labs researchers predicted, exploits of a Silverlight vulnerability are now in the Angler Exploit Kit.

Several bugs detected in IBM Java Runtime

Multiple vulnerabilities that could enable a remote attacker to launch a denial-of-service attack have been detected in the IBM Runtime Environment Java Technology Edition v6.

Mozilla patches 11 issues with Firefox, three rated critical

Mozilla released 11 patches for Firefox 44 and Firefox ESR 38.6 with three being rated as critical.

Nest, other IoT devices, sent user info in the clear

Researchers at Princeton University's Center for Information Technology Policy (CITP) found security vulnerabilities in many of the most popular IoT devices that they looked at, including Google's Nest Thermostat.

Apple updates iOS, OS X and Safari

Apple released patches for iOS, OS X and Safari after Synack's Patrick Wardle demonstrated that it was still possible for attackers to bypass Apple's Gatekeeper program.

Kernel bug allows full takeover of Linux devices

Researchers discovered a serious vulnerability in the Linux operating system kernel that could allow attackers to take full control of Linux devices, including PCs, Android phones and servers.

Gatekeeper flaw opens Apple systems to intrusion

Mac users who have long felt secure from cyber-attacks may now be susceptible owing to a reported flaw.

'High risk' for users of FRITZ!Box routers

A number of remote code execution bugs in several models of FRITZ!Box broadband routers could allow intruders to place phone calls through the device.

WordPress 4.4.1 patches 52 security issues

WordPress issued its latest security release, version 4.4.1, to patch more than 50 problems, including a cross-site scripting vulnerability affecting versions 4.4 and earlier.

Adobe addresses vulnerabilities in Flash Player, Acrobat and Reader

Adobe on Tuesday released security updates for Flash Player, AIR, Acrobat and Reader that address numerous bugs, some of which are considered critical.

WordPress 4.3.1 released, fixes three security issues

WordPress 4.3.1 was made available on Tuesday, and users are strongly encouraged to upgrade since it comes with fixes for a few security issues.

Adobe addresses critical Shockwave Player vulnerabilities

The update addresses critical memory corruption vulnerabilities that could be exploited by an attacker to take control of an affected Windows system.

Samsung will now release monthly security patches

Samsung will issue monthly Android patches through various agreements with carriers and partners around the world.

WordPress 4.2.3 released, addresses critical XSS vulnerability

WordPress 4.2.3 was made available on Thursday; the update comes with fixes for a number of bugs, including a potentially dangerous cross-site scripting (XSS) vulnerability.

Cisco addresses denial-of-service vulnerability in Videoscape products

The updates address a DoS vulnerability in Videoscape Distribution Suite for Internet Streaming and Videoscape Distribution Suite Service Broker.

Apple fixes dozens of vulnerabilities in iOS and OS X

Security flaws would have allowed remote code execution and man-in-the-middle attacks.

How to get IT to eat its vegetables

Patching can be a significant pain for organisations. Similar to eating our vegetables, it's something we know we should do but is still hard to swallow for various reasons, says Rob Juncker.