Cisco Patches Critical Playback Bugs in WebEx Players

A Cisco Systems security advisory is urges users of its WebEx platform to patch six vulnerabilities that could allow attackers to execute remote code. Continue reading Cisco Patches Critical Playback Bugs in WebEx Players

Remote Wi-Fi Attack Backdoors iPhone 7

Google’s Project Zero released a proof-of-concept attack against a Wi-Fi firmware vulnerability in Broadcom chips that backdoors the iPhone 7. The flaw was patched in iOS 11. Continue reading Remote Wi-Fi Attack Backdoors iPhone 7

Google Researcher Publishes PoC Exploit for Apple iPhone Wi-Fi Chip Hack

You have now another good reason to update your iPhone to newly released iOS 11—a security vulnerability in iOS 10 and earlier now has a working exploit publicly available.

Gal Beniamini, a security researcher with Google Project Zero, has discovered a security vulnerability (CVE-2017-11120) in Apple’s iPhone and other devices that use Broadcom Wi-Fi chips and is hell easy to exploit.

This

Continue reading Google Researcher Publishes PoC Exploit for Apple iPhone Wi-Fi Chip Hack

Apple Patches BroadPwn Bug in iOS 10.3.3

Apple released iOS 10.3.3 Wednesday that serves as a cumulative patch update for multiple vulnerabilities including the high-profile BroadPwn bug. Continue reading Apple Patches BroadPwn Bug in iOS 10.3.3

Cisco Patches Another Critical Ormandy Bug in WebEx Extension

Researchers Tavis Ormandy and Cris Neckar privately disclosed a critical vulnerability in Cisco’s WebEx extension for Chrome and Firefox that allows for remote code execution. Continue reading Cisco Patches Another Critical Ormandy Bug in WebEx Extension

Another RCE Vulnerability Patched in Microsoft Malware Protection Engine

Google Project Zero’s Tavis Ormandy found another remote code execution vulnerability in the Microsoft Malware Protection Engine, the third since early May. Continue reading Another RCE Vulnerability Patched in Microsoft Malware Protection Engine

Microsoft Quietly Patches Another Critical Malware Protection Engine Flaw

Microsoft quietly patched a critical vulnerability found by Google’s Project Zero team in the Malware Protection Engine. Continue reading Microsoft Quietly Patches Another Critical Malware Protection Engine Flaw

Microsoft hurries to patch ‘worst’ Windows vulnerability

Microsoft has rushed out a self-installing patch for a zero-day vulnerability in a Windows security program that allows hackers to take over a computer just by sending an email. “The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file,” reads the advisory about the patch Microsoft issued Monday. That means hackers can exploit the flaw simply by sending an email with a specially designed attachment. As soon as the malware engine scans the attachment, the code opens the vulnerability and the attacker can take control. Remote code execution bugs are considered the most severe kind of security vulnerability, and flaws in security software are often especially bad because of its trusted status on the machine. The Microsoft security advisory said there was no evidence the vulnerability— designated CVE-2017-0920 — “had been publicly used to attack customers” at the time of publication. The company added […]

The post Microsoft hurries to patch ‘worst’ Windows vulnerability appeared first on Cyberscoop.

Continue reading Microsoft hurries to patch ‘worst’ Windows vulnerability

Wormable Windows Zero Day Reported to Microsoft

Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich found a remotely exploitable Windows vulnerability that Ormandy called he worst in recent memory. Continue reading Wormable Windows Zero Day Reported to Microsoft