The critical bug, tracked as CVE-2024-31320, impacts Android versions 12 and 12L and allows an attacker to escalate privileges on a vulnerable device. “The most severe of these issues is a critical security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed,” Google explains in…

An urgent bulletin from the Burlington, Mass. company documented at least eight security defects that could be exploited remotely and urged business customers to immediately upgrade to WS_FTP Server 2020.0.4 (8.7.4) and WS_FTP Server 2022.0.2 (8.8.2). Progress Software said two of the vulnerabilities — CVE-2023-40044 and CVE-2023-40045 — are rated critical because of the risk…

In a major update to its Windows 11 operating system this week, Microsoft has integrated Passkeys alongside Windows Hello, its biometric authentication tool. Passkeys creates a unique credential that allows users to authenticate with their face, fingerprint, or a PIN in a more secure process than the traditional password. Microsoft’s passkeys will be available on…

Taiwanese NAS maker Synology published two new critical advisories in December. The first advisory is related to the most severe vulnerability addressed by the company, which is a critical out-of-bounds write issue, tracked as CVE-2022-43931 (CVSS3 Base Score 10). The vulnerability resides in the Remote Desktop Functionality of Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635….

A type of memory corruption bug, use-after-free issues occur when a program does not clear the pointer after freeing a memory allocation. These flaws could lead to arbitrary code execution, data corruption, or denial of service. Use-after-free vulnerabilities may also be combined with other security flaws, leading to complete system compromise. The exploitation of use-after-free issues…

Tracked as CVE-2022-2587 (CVSS score of 9.8) and described as an out-of-bounds write, the vulnerability was addressed with the release of a patch in June. The issue was identified in the CRAS (ChromiumOS Audio Server) component, and could be triggered using malformed metadata associated with songs. CRAS resides between the operating system and ALSA (Advanced…

Ciphertex Data Security is introducing its new SecureNAS CX-160KHD-X model, which holds 320TB, and its new CX-Linux ZFS operating system. These products provide a new level of safety, security, and portability for vital healthcare information, which is increasingly under attack by hackers desiring to capture and sell this valuable data or to hold it…

The zero-day flaw, documented as CVE-2021-36948, is rated “important” with a CVSS base score of 7.8. Microsoft described the vulnerability as a local privilege escalation bug, a suggestion that it is part of a larger software exploit chain. The Windows Update Medic Service is used to repair Windows Update components from damage so that Windows…