Zero-days

Google patches Chrome vulnerability exploited in the wild (CVE-2020-16009)

Google has released Chrome 86.0.4240.183 security update for Windows, Mac and Linux. The update also addresses a High severity zero-day vulnerability that is being exploited in the wild.

Google patches Chrome vulnerability exploited in the wild (CVE-2020-16009) Read More »

Netgear fixes high risk vulnerability in multiple routers and network devices

Netgear has released firmware updates to fix a high severity remote code execution (RCE) vulnerability in multiple Netgear routers and other network devices. A remote attacker could exploit to take control of an affected device.

Netgear fixes high risk vulnerability in multiple routers and network devices Read More »

Ripple20 zero-day vulnerabilities impact hundreds of millions of IoT devices

Security researchers have identified a series of 19 zero-day vulnerabilities in a lightweight TCP/IP stack library used in many IoT products. The vulnerabilities dubbed Ripple20 likely impact hundreds of millions of IoT devices.

Ripple20 zero-day vulnerabilities impact hundreds of millions of IoT devices Read More »

Apple releases patch for “unc0ver” jailbreak zero-day vulnerability

Apple has released a patch for a previously disclosed “Unc0ver” jailbreak 0-day vulnerability. The security updates and patch address iOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, watchOS 6.2.6, tvOS 13.4.6 and other products.

Apple releases patch for “unc0ver” jailbreak zero-day vulnerability Read More »

Microsoft April 2020 Security Updates (with fixes for 2 zero-days)

Microsoft released the April 2020 Security Updates that includes 113 unique vulnerability fixes, 18 of those rated critical. The updates also include patches for two Adobe Font Manager zero day vulnerabilities disclosed in March.

Microsoft April 2020 Security Updates (with fixes for 2 zero-days) Read More »

Microsoft issues advisory for two zero-day RCE vulnerabilities exploited in the wild (updated)

Microsoft has issued a new security advisory for two remote code execution (RCE) vulnerabilities in Adobe Type Manager (ATM) Library exploited in the wild. Microsoft also published several workarounds to reduce risk until a patch is rolled out.

Microsoft issues advisory for two zero-day RCE vulnerabilities exploited in the wild (updated) Read More »

Trend Micro patches two zero-day vulnerabilities under active attack in the wild

Trend Micro has patched five vulnerabilities in multiple products. The updates address two zero-days – one Critical risk vulnerability CVE-2020-8467 and another High risk vulnerability CVE-2020-8468 under active attack in the wild. In addition, the company also patched three other Critical vulnerabilities that require no authentication to exploit.

Trend Micro patches two zero-day vulnerabilities under active attack in the wild Read More »

Microsoft February 2020 Security Updates (includes IE zero-day fix)

Microsoft issued the February 2020 Security Updates that include 101 unique vulnerability fixes, 13 of those rated critical. The update also includes a patch for an IE zero-day scripting engine vulnerability CVE-2020-0674 disclosed in January.

Microsoft February 2020 Security Updates (includes IE zero-day fix) Read More »