Google Warns of New Chrome Zero-Day Attack
Google on Friday joined the list of vendors dealing with zero-day attacks, rolling out a major Chrome Desktop update to fix a security defect that’s already been exploited in the wild. The high-severity vulnerability, tracked as CVE-2023-2033, is described as a type confusion in the Chrome V8 JavaScript engine. “Google is aware that an exploit…
Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads
Last week, we warned about the appearance of two critical zero-day bugs that were patched in the very latest versions of macOS (version 13, also known as Ventura), iOS (version 16), and iPadOS (version 16). Zero-days, as the name suggests, are security vulnerabilities that were found by attackers, and put to real-life use for cybercriminal…
Apple Ships Urgent iOS Patch for Newly Exploited Zero-Days
The newest iOS 16.4.1 and iPadOS 16.4.1 updates cover code execution software flaws in IOSurfaceAccelerator and WebKit, suggesting a complex exploit chain was detected in the wild hitting the latest iPhone devices. “Apple is aware of a report that this issue may have been actively exploited,” Cupertino says in a barebones advisory that credits Google…
Spyware vendors use exploit chains to take advantage of patch delays in mobile ecosystem
Several commercial spyware vendors developed and used zero-day exploits against iOS and Android users last year. However, their exploit chains also relied on known vulnerabilities to work, highlighting the importance of both users and device manufacturers to speed up the adoption of security patches. “The zero-day exploits were used alongside n-day exploits and took advantage…
Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs
Deciphering Microsoft’s official Update Guide web pages is not for the faint-hearted. Most of the information you need, if not everything you’d really like to know, is there, but there’s such a dizzing number of ways to view it, and so many generated-on-the-fly pages are needed to display it, that it can be tricky to…
Apple backported patches for CVE-2022-42856 zero-day on older iPhones, iPads
On December 2022, Apple released security updates to address a new zero-day vulnerability, tracked as CVE-2022-42856, that is actively exploited in attacks against iPhones. The IT giant released security bulletins for iOS/iPadOS 15.7.2, Safari 16.2, tvOS 16.2, and macOS Ventura 13.1. Apple addressed the vulnerability with improved state handling for the iPhone 6s (all models),…
Attackers Crafted Custom Malware for Fortinet Zero-Day
Researchers analyzing data associated with a recently disclosed zero-day vulnerability in Fortinet’s FortiOS SSL-VPN technology have identified a sophisticated new backdoor specifically designed to run on Fortinet’s FortiGate firewalls. The malware appears to be the work of a China-based threat actor engaged in cyber-espionage operations targeting government organizations and those working with these organizations. It…
Microsoft Scrambles to Thwart New Zero-Day Attacks
For the second consecutive month, the world’s largest software maker rushed out patches to cover vulnerabilities that were already exploited as zero-days in the wild, including a pair of belated fixes for Microsoft Exchange Server security defects targeted by a state-sponsored threat actor for several months. As part of its scheduled Patch Tuesday update process,…
Microsoft fixes exploited zero-day in Windows CSRSS (CVE-2022-22047)
The July 2022 Patch Tuesday is upon us and has brought fixes for 84 CVEs in various Microsoft products, including an actively exploited zero-day: CVE-2022-22047, an elevation of privilege bug in Windows’ Client/Server Runtime Subsystem (CSRSS). “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft noted, but the attacker must first gain…
Emergency Chrome 103 Update Patches Actively Exploited Vulnerability
The flaw, tracked as CVE-2022-2294, has been described as a heap buffer overflow in WebRTC. The security hole was reported to Google by a member of the Avast Threat Intelligence team on July 1. The zero-day has been patched with the release of Chrome 103.0.5060.114 for Windows. No information has been made available about the…
