GUEST OPINION: In April, managed file transfer vendor CrushFTP released information to a private mailing list on a new zero-day vulnerability affecting versions below 10.7.1 and 11.1.0 (as well as legacy 9.x versions) across all platforms.
Microsoft has released patches for two zero-day vulnerabilities being exploited in the wild, along with fixes for another 57 CVEs on its monthly Patch Tuesday.
Apple has released security updates for a slew of vulnerabilities in its iOS, iPadOS and macOS Ventura operating systems, with two of the flaws affecting the three operating systems having been exploited in the wild.
Microsoft has released patches for 75 vulnerabilities overnight on its second Patch Tuesday for the year, with nine being rated critical.
Microsoft has issued patches for 73 CVEs, including two zero-day flaws, one of which has been exploited in the wild, as part of its monthly Patch Tuesday release.
Google appears to have failed so far in 2022 to reach one of the stated goals in its review of zero-days for 2021: sharing exploit samples or detailed technical descriptions more widely.
Microsoft has issued patches for 117 CVEs in its April Patch Tuesday release, with nine rated critical and 108 as important, the most it has released for a single month since September 2020. Included among these were two zero-day vulnerabilities, one of which was exploited in the wild and reported to Microsoft by the NSA.
Apple has issued emergency fixes for two zero-day vulnerabilities that were being exploited in the wild and which affect iPhones, iPads, and Macs.
Microsoft has released patches for two zero-day vulnerabilities, along with patches for 84 other flaws in its products, including Microsoft Edge.
Apple has released patches for two zero-day flaws in its iOS and macOS operating systems, warning that these are being actively exploited.
A campaign targeting security researchers, initially unearthed in January, has set up a new website in March to continue the attempt to target these professionals.
Google has caused an anti-terrorist operation being run by a Western Government which is an ally of the US to be shut down by revealing details about the use of zero-day exploits in the campaign.
Microsoft has issued an advisory stating that four zero-day exploits are being used to attack versions of Microsoft Exchange Server on-premise.
UPDATED 11 February: Ex-NSA hacker and former owner of security company Immunity, Dave Aitel, has launched a fresh salvo of tweets against a book published by New York Times cyber security reporter Nicole Perlroth, after securing and reading a copy of the tome which was published on Tuesday US time.
Two zero-day bugs in Google's Chrome browser, both of which were being exploited in the wild, have been fixed, according to the company's Project Zero technical lead Ben Hawkes.
Veteran vulnerability researcher Dave Aitel has offered his views on a major flaw in the BIG-IP range of devices, saying that the fact many people had assumed it had never been found and exploited could well be incorrect.
San Francisco-based security outfit ZecOps claims to have found a pair of remotely-exploitable vulnerabilities in the wild targeting the Mail program on iPhones, adding that these have been present since at least iOS 6, which was released in September 2012.
Security outfit Tenable Research says it has discovered four zero-day vulnerabilities in the PremiSys building access control system developed by the US firm IDenticard.