bugs Archives - Cyber Security Minute

Adobe Patch Tuesday: Critical Bugs in Acrobat, Reader, ColdFusion

Issued by: SecurityWeek

As part of its scheduled Patch Tuesday updates, Adobe documented 72 distinct security bugs and called special attention to code-execution defects in the widely deployed Adobe Acrobat and Reader software. In a critical-severity bulletin, Adobe documented at least 17 Acrobat and Reader bugs that expose unpatched Windows and macOS systems to arbitrary code execution and…

Vulnerabilities

KeePass fixed the bug that allows the extraction of the cleartext master password

Issued by: Security Affairs

KeePass has addressed the CVE-2023-32784 vulnerability, which allowed the retrieval of the clear-text master password from the client’s memory. KeePass is a free and open-source software used to securely manage passwords. It functions as a digital “safe” where users can store and organize their sensitive information, including passwords, credit card numbers, notes, and other sensitive…

Vulnerabilities

Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs

Issued by: Naked Security

Deciphering Microsoft’s official Update Guide web pages is not for the faint-hearted. Most of the information you need, if not everything you’d really like to know, is there, but there’s such a dizzing number of ways to view it, and so many generated-on-the-fly pages are needed to display it, that it can be tricky to…

Network Security

Are 100% Security Guarantees Possible?

Issued by: Dark Reading

There is no software without bugs, right? While this is a common sentiment, we make assumptions that rely on the premise that software has no bugs in our day-to-day digital life. We trust identity providers (IDPs) to get authentication right, operating systems to perfectly comply with their specs, and financial transactions to always perform as…

Vulnerabilities

Chrome 106 Update Patches Several High-Severity Vulnerabilities

Issued by: Security Week

All the newly resolved vulnerabilities were discovered by external researchers and the internet giant has handed out $38,000 in bug bounty rewards to the reporters. Based on the bug bounty amounts that Google has paid out, the most severe of the newly addressed flaws is CVE-2022-3445, a use-after-free vulnerability in Skia, the open-source 2D graphics…

Mobile Security, Vulnerabilities

TikTok for Android Bug Allows Single-Click Account Hijack

Issued by: Dark Reading

A high-severity flaw in the Android version of the TikTok app — which has been installed more than 1.5 billion times so far via the Google Play Store — could allow threat actors to hijack a user’s account with a single click. Microsoft discovered the high-severity vulnerability in the handling of one of TikTok for…

Vulnerabilities

Google Patches 27 Vulnerabilities With Release of Chrome 98

Issued by: Security Week

The most severe of these security defects could be exploited to execute arbitrary code with the same privileges as the Chrome browser has on the target system. Of the 19 flaws, eight carry a severity rating of high, 10 are considered medium severity, and one low risk. More than half of the externally reported vulnerabilities…

Vulnerabilities

Facebook Will Reward Researchers for Reporting Scraping Bugs

Issued by: Security Week

As part of its bug bounty program, the company will pay monetary rewards to security researchers who discover flaws that allow attackers to bypass existing scraping limitations and gain access to data at scale. Scrapers – including malicious apps, scripts, and websites – constantly adapt to evade detection, and Facebook says it is seeking ways…

Malware & Threats

Google Patches Critical Code Execution Vulnerability in Android

Issued by: Security Week

Tracked as CVE-2021-0430 and affecting Android 10 and 11, the code execution vulnerability is deemed critical severity. The bug was patched as part of the 2021-04-01 security patch level. “The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted file…

Vulnerabilities

Critical Firefox Vulnerability Can Allow Code Execution If Chained With Other Bugs

Issued by: Security Week

In its advisory for the vulnerability — the bug currently does not have a CVE identifier — Mozilla described it as a “buffer overflow in depth pitch calculations for compressed textures.” The issue, reported by researchers Abraruddin Khan and Omair through Trend Micro’s Zero Day Initiative (ZDI), apparently only impacts Firefox running on Windows —…