flaws

Vulnerabilities

Issued by: Security Week

Google Removes Vulnerable Library from Android

The addressed issues include remote code execution bugs, elevation of privilege flaws, and information disclosure vulnerabilities, along with a denial of service. Impacted components include Framework, Media framework, System, and Qualcomm components. “The most severe vulnerability in this section could enable a proximate attacker using a specially crafted file to execute arbitrary code within the…

Vulnerabilities

Issued by: Security Week

Apple Fixes Indian Character Crash Bug in iOS, macOS

Updates released by Apple on Monday for iOS, macOS, tvOS and watchOS patch a flaw that causes applications to crash when rendering specific strings of Indian characters. Someone noticed recently that displaying a string written in India’s Telugu language (జ్ఞ‌ా) caused many apps on iOS and macOS to crash. The list of impacted apps includes…

Application Security

Issued by: Security Week

Facebook Flaw Allowed Removal of Any Photo

A researcher says he received a $10,000 bounty from Facebook after finding a critical vulnerability that could have been exploited to delete any photo from the social media network. In early November, Facebook announced a new feature for posting polls that include images and GIF animations. Iran-based security researcher and web developer Pouya Darabi analyzed…

Vulnerabilities

Issued by: Security Week

Google Patches 81 Android Vulnerabilities With September 2017 Updates

A total of 81 security vulnerabilities have been addressed in this month’s set of security patches for the Android platform. 13 of the flaws were rated Critical severity. The security bulletin has two security patch levels, each focused on addressing vulnerabilities in specific components. The 2017-09-01 security patch level fixes a total of 30 vulnerabilities, 10 of…

Vulnerabilities

Issued by: Security Week

Microsoft Patches Many Exploited, Disclosed Flaws

Microsoft has released a total of 18 security bulletins to address tens of vulnerabilities, including more than a dozen that have already been publicly disclosed or exploited in attacks. The March 2017 updates also include the patches that should have been released last month. Microsoft postponed most of the February security updates – except the…

Vulnerabilities

Issued by: Dark Reading

HackerOne Offers Free Service for Open Source Projects

Service aims to provide efficient security programs but projects must meet certain rules to qualify for it. HackerOne has announced free professional service for open-source projects aimed at providing support to project developers for running efficient and productive security programs. Called HackerOne Community Edition, this service will help open-source projects with “vulnerability submission, coordination, dupe…

Vulnerabilities

Issued by: Help Net Security

Multiple security flaws found in mainstream robotic technologies

IOActive exposed numerous vulnerabilities found in multiple home, business, and industrial robots available on the market today. The array of vulnerabilities identified in the systems evaluated included many graded as high or critical risk, leaving the robots highly susceptible to attack. Attackers could employ the issues found to maliciously spy via the robot’s microphone and…

Application Security, Vulnerabilities

Issued by: Security Week

Cisco Patches 9 Flaws in Email Security Appliance

The most serious, rated “high severity,” are three DoS flaws in the AsyncOS software for Cisco ESA. The security holes, tracked as CVE-2016-6356, CVE-2016-1486 and CVE-2016-1481, allow a remote, unauthenticated attacker to cause a DoS condition on affected devices using specially crafted emails and malicious attachments. CVE-2016-1481 and CVE-2016-6356 affect AsyncOS versions 8.0 and prior,…