Atlassian Ships Urgent Patch for Exploited Confluence Zero-Day

Atlassian confirms that “a handful of customers” were hit by exploits targeting a remotely exploitable flaw in its Confluence Data Center and Server products.
The post Atlassian Ships Urgent Patch for Exploited Confluence Zero-Day appeared first on Sec…

Android’s October 2023 Security Updates Patch Two Exploited Vulnerabilities

The October 2023 security update for Android patches two vulnerabilities exploited in attacks, both likely linked to spyware vendors.
The post Android’s October 2023 Security Updates Patch Two Exploited Vulnerabilities appeared first on SecurityW…

Critical Vulnerability in libwebp Library

Both Apple and Google have recently reported critical vulnerabilities in their systems—iOS and Chrome, respectively—that are ultimately the result of the same vulnerability in the libwebp library:

On Thursday, researchers from security firm Rezilion published evidence that they said made it “highly likely” both indeed stemmed from the same bug, specifically in libwebp, the code library that apps, operating systems, and other code libraries incorporate to process WebP images.

Rather than Apple, Google, and Citizen Lab coordinating and accurately reporting the common origin of the vulnerability, they chose to use a separate CVE designation, the researchers said. The researchers concluded that “millions of different applications” would remain vulnerable until they, too, incorporated the libwebp fix. That, in turn, they said, was preventing automated systems that developers use to track known vulnerabilities in their offerings from detecting a critical vulnerability that’s under active exploitation…

Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks

Predator spyware delivered to iPhones and Android devices using iOS and Chrome zero-day vulnerabilities and MitM attacks. 
The post Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks appeared first on SecurityWeek.

Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones

Apple has patched 3 zero-day vulnerabilities that have likely been exploited by a spyware vendor to hack iPhones.
The post Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones appeared first on SecurityWeek.

Trend Micro Patches Exploited Zero-Day Vulnerability in Endpoint Security Products

Trend Micro has patched CVE-2023-41179, an Apex One zero-day code execution vulnerability that has been exploited in attacks. 
The post Trend Micro Patches Exploited Zero-Day Vulnerability in Endpoint Security Products appeared first on SecurityWeek.

After Apple and Google, Mozilla Also Patches Zero-Day Exploited for Spyware Delivery

After Apple and Google, Mozilla has also patched an image processing-related zero-day vulnerability exploited by spyware.
The post After Apple and Google, Mozilla Also Patches Zero-Day Exploited for Spyware Delivery appeared first on SecurityWeek.