Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed "BlastDoor," the improved sandbox system for iMessage data was disclosed by Samuel Groß, a security researcher with Project Zero, a team of security … [Read more...] about Google uncovers new iOS security feature Apple quietly added after zero-day attacks
ZeroDay
New Chrome Zero-Day Under Active Attacks – Update Your Browser
Google has patched a second actively exploited zero-day flaw in the Chrome browser in two weeks, along with addressing nine other security vulnerabilities in its latest update. The company released 86.0.4240.183 for Windows, Mac, and Linux, which it said will be rolling out over the coming days/weeks to all users. The zero-day flaw, tracked as CVE-2020-16009, was reported by … [Read more...] about New Chrome Zero-Day Under Active Attacks – Update Your Browser
Google Discloses Windows Zero-Day Bug Exploited in the Wild
Google has disclosed details of a new zero-day privilege escalation flaw in the Windows operating system that's being actively exploited in the wild. The elevation of privileges (EoP) vulnerability, tracked as CVE-2020-17087, concerns a buffer overflow present since at least Windows 7 in the Windows Kernel Cryptography Driver ("cng.sys") that can be exploited for a sandbox … [Read more...] about Google Discloses Windows Zero-Day Bug Exploited in the Wild
Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild
Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device. "An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device," Cisco said in an advisory posted over the weekend."A … [Read more...] about Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild
Zero-day RCE vulnerabilities in Windows Adobe Type Manager Library actively exploited
Updated on April 14. Microsoft has issued a warning about two new vulnerabilities in the Adobe Type Manager Library. Moreover, according to their information, some attackers are already exploiting them in targeted attacks. On April 14, Microsoft released security updates that address these vulnerabilities. What is Adobe Type Manager Library and how is it vulnerable There were … [Read more...] about Zero-day RCE vulnerabilities in Windows Adobe Type Manager Library actively exploited
Chrome zero-day vulnerability | Kaspersky official blog
Thanks to the Kaspersky Exploit Prevention subsystem in our products, we recently detected an exploit — a malicious program letting attackers gain unauthorized access to the computer — through a vulnerability in the Google Chrome browser. It used a zero-day vulnerability, that is, one that was yet unknown to the developers. It was assigned the identifier CVE-2019-13720. We … [Read more...] about Chrome zero-day vulnerability | Kaspersky official blog
Researcher Drops phpMyAdmin Zero-Day Affecting All Versions
A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin—one of the most popular applications for managing the MySQL and MariaDB databases.phpMyAdmin is a free and open source administration tool for MySQL and MariaDB that's widely used to manage the database for websites created with WordPress, Joomla, and … [Read more...] about Researcher Drops phpMyAdmin Zero-Day Affecting All Versions
Firefox Releases Critical Patch Update to Stop Ongoing Zero-Day Attacks
If you use the Firefox web browser, you need to update it right now.Mozilla earlier today released Firefox 67.0.3 and Firefox ESR 60.7.1 versions to patch a critical zero-day vulnerability in the browsing software that hackers have been found exploiting in the wild.Discovered and reported by Samuel Groß, a cybersecurity researcher at Google Project Zero, the vulnerability could … [Read more...] about Firefox Releases Critical Patch Update to Stop Ongoing Zero-Day Attacks
Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw
An anonymous security researcher going by the name of SandboxEscaper today publicly shared a second zero-day exploit that can be used to bypass a recently patched elevation of privilege vulnerability in the Microsoft Windows operating system.SandboxEscaper is known for publicly dropping zero-day exploits for unpatched Windows vulnerabilities. In the past year, the hacker has … [Read more...] about Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw
Hacker Disclosed 3 Unpatched Microsoft Zero-Day Exploits In Less Than 24 Hours
Less than 24 hours after publicly disclosing an unpatched zero-day vulnerability in Windows 10, the anonymous hacker going by online alias "SandboxEscaper" has now dropped new exploits for two more unpatched Microsoft zero-day vulnerabilities.The two new zero-day vulnerabilities affect Microsoft's Windows Error Reporting service and Internet Explorer 11.Just yesterday, while … [Read more...] about Hacker Disclosed 3 Unpatched Microsoft Zero-Day Exploits In Less Than 24 Hours