security update Archives - Cyber Security Minute

Apple Ships Urgent iOS Patch for Newly Exploited Zero-Days

Issued by: SecurityWeek

The newest iOS 16.4.1 and iPadOS 16.4.1 updates cover code execution software flaws in IOSurfaceAccelerator and WebKit, suggesting a complex exploit chain was detected in the wild hitting the latest iPhone devices. “Apple is aware of a report that this issue may have been actively exploited,” Cupertino says in a barebones advisory that credits Google…

Vulnerabilities

Citrix ADC, Gateway Users Race Against Hackers to Patch Critical Flaw

Issued by: Dark Reading

Citrix has issued a patch for a critical flaw affecting Citrix ADC and Citrix Gateway, adding that the company is aware of attacks against the vulnerability in the wild. The vulnerability, tracked under CVE-2022-27518, affects Citrix ADC and Citrix Gateway versions 12.1 (including FIPS and NDcPP) and 13.0 before 13.0-58.32. “Both must be configured with…

Vulnerabilities

Google Chrome zero-day exploited in the wild (CVE-2022-4262)

Issued by: Help Net Security

Google has patched CVE-2022-4262, a type confusion vulnerability in the V8 JavaScript engine used by Google Chrome (and Chromium), which is being exploited by attackers in the wild. No other technical details have been shared about this zero-day flaw, only that it was reported by security engineer Clement Lecigne of Google’s Threat Analysis Group (TAG),…

Vulnerabilities

Critical vulnerability in Spotify’s Backstage discovered, patched

Issued by: Help Net Security

A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in their environments. What is Backstage? Having more than 19,000 stars on Github, Backstage is one of the most popular open-source platforms for building developer portals and is in widespread use…

Vulnerabilities

WordPress Security Update 6.0.3 Patches 16 Vulnerabilities

Issued by: Security Week

WordPress 6.0.3 fixes nine stored and reflected cross-site scripting (XSS) vulnerabilities, as well as open redirect, data exposure, cross-site request forgery (CSRF), and SQL injection flaws. WordPress security company Defiant has shared a description of each vulnerability. Four of them have a ‘high severity’ rating, and the rest have ‘medium’ or ‘low’ severity. “We have…

Vulnerabilities

Microsoft fixes exploited zero-day in Windows CSRSS (CVE-2022-22047)

Issued by: Help Net Security

The July 2022 Patch Tuesday is upon us and has brought fixes for 84 CVEs in various Microsoft products, including an actively exploited zero-day: CVE-2022-22047, an elevation of privilege bug in Windows’ Client/Server Runtime Subsystem (CSRSS). “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft noted, but the attacker must first gain…

Mobile Security, Software Security

Apple Announces New Security Update Feature in iOS 16, macOS Ventura

Issued by: Security Week

The new feature, named Rapid Security Response, will become available in the upcoming iOS 16 and macOS Ventura, both scheduled for release in late 2022. According to Apple, important security updates will be delivered to iPhones and Macs in between standard software updates. In addition, they can be applied automatically and they do not require…

Vulnerabilities

QNAP Extends Security Updates for Some EOL Devices

Issued by: Security Week

QNAP typically provides security updates for four years after a product has reached EOL status. The reason for that, the company says, is that some models may be technologically deprecated and may lack performance capabilities and operational memory, meaning that they may not receive updated drivers. However, due to evolving security threats targeting QNAP models,…

Vulnerabilities

Apple fixes actively exploited iOS, macOS zero-day (CVE-2022-22620)

Issued by: Help Net Security

Another month, another zero-day (CVE-2022-22620) exploited in the wild that has been fixed by Apple. About CVE-2022-22620 CVE-2022-22620 is a use after free issue in WebKit, the browser engine used in Safari and all iOS web browsers. Apple fixed it in iOS 15.3.1 and iPadOS 15.3.1, macOS Monterey 12.2.1, and Safari 15.3. “Processing maliciously crafted…

Mobile Security

Apple Patches iOS HomeKit Flaw After Researcher Warning

Issued by: Security Week

The iOS 15.2.1 patch, available for all supported iPhones and iPads, is described simply as a “resource exhaustion issue” that causes the device to hang when processing maliciously crafted HomeKit accessory names. The sudden appearance of the patch comes almost two weeks after researcher Trevor Spiniolas publicly documented the HomeKit bug and warned that it…