Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors. Tracked as CVE-2024-0762 (CVSS score: 7.5), the “UEFIcanhazbufferoverflow” vulnerability has been described as a case of a buffer overflow stemming from the use of an unsafe variable in the…

Researchers have developed a side-channel exploit for Apple CPUs, enabling sophisticated attackers to extract sensitive information from browsers. Side-channel attacks are usually overlooked, often physical counterparts to traditional software hacks. Rather than an unsecured password or a vulnerability in a program, they take advantage of the extra information a computer system or hardware generates —…

Over 70% of the severe bugs identified last year in Chrome were memory safety issues, namely “mistakes with pointers in the C or C++ languages,” and Google decided to tackle the problem before it becomes even more serious. Of the potential solutions, the Internet search giant decided to focus on two, namely introducing runtime checks…

The quarterly set of security patches addresses a total of 41 vulnerabilities considered critical severity, including 5 that feature a CVSS score of 10. The most severe of these vulnerabilities could be exploited to execute code remotely within the context of the vulnerable applications, potentially resulting in full system compromise. Oracle’s E-Business Suite received patches…