Category: vulnerability

Google’s new policy gives developers more time to address security flaws

There are more reforms. If there’s an incomplete fix, it’ll be reported to the developer and added to an existing report. Before, it would sometimes be treated as a separate problem with its own deadline. Google will also open tracker reports the moment a flaw is patched during the “grace period” (a 14-day window […]

Twitter fixes an Android bug that could have allowed hackers to hijack accounts

The company says it doesn’t have evidence that suggests anyone was able to exploit the vulnerability. However, it notes, “we can’t be completely sure so we are taking extra caution.” The company is contacting people it thinks may have had their app exposed to the bug with instructions on how to protect their account. […]

Intel fixes CPU security flaw it said was patched in May

The Vrije Universiteit Amsterdam researchers who alerted Intel to the problems have told the New York Times that Intel apparently ignored key proof-of-concept exploits when developing the May update, and should have found the relevant flaws even without those ready-made examples. The team refused to stay quiet with the November patch knowing that there […]

Amazon Echo Show falls victim to an old flaw at hacking contest

The patch gap was a “common factor” in many of the Internet of Things hacks at the contest, Gorenc added. This was the first time contestants could target devices in the Home Automation category, and there were a number of firsts beyond that. Fluoroacetate also compromised a Sony X800G TV (the first television target […]

Apple will fix macOS flaw exposing portions of encrypted emails

The vulnerability exists in at least the last four versions of macOS, ranging from Sierra to Catalina. This isn’t as glaring a flaw as it sounds. To be vulnerable, you’d have to use Mail, send encrypted messages from Mail and leave FileVault’s whole-drive encryption turned off. If you rely on a third-party email client […]

The first in-the-wild BlueKeep attack isn’t as dangerous as feared

There’s been a “spike” in traffic related to the flaw, Rendition Infosec’s Jake Williams told Wired, but it hasn’t hit “critical mass.” This doesn’t rule out the possibility of a more serious BlueKeep attack. There were still 735,000 computers open to BlueKeep as of August, according to Errata Security. However, the window of opportunity […]

One of Linux’s most important commands had a glaring security flaw

The quirk revolved around sudo’s treatment of user IDs. If you typed the command with a user ID of -1 or its unsigned equivalent 4294967295, it would treat you as if you had root access (user ID 0) even as it recorded the actual user ID in the log. The user IDs in question […]

Google found a serious Android flaw affecting Pixel, Samsung and Huawei phones

The exploit was discovered by Google’s Project Zero team, and its Threat Analysis Group believes it was used in real-world attacks by Israel’s NSO Group. That company has been implicated in the past in attacks on human rights and political activists. Google said that the zero-day is not as dangerous as others in the […]

Second SIM card attack can send texts and phone location data

The vulnerability could be used to track a device’s location, point users to phishing websites and rack up fees on calls to toll numbers, among other tricks. Ginno has briefed the GSM Association on WIBattack, although it’s not clear what if anything the industry body is doing to address the issue. It’s not certain […]

LastPass patched a bug that could have exposed your passwords

Security researcher Tavis Ormandy, of Google’s Project Zero, notified LastPass of the bug. The flaw could have allowed hackers on malicious sites to access users’ credentials entered on the previous site. Fortunately, there’s no reason to believe the bug was exploited, and while it only impacted Chrome and Opera browsers, LastPass patched all browser […]