Articles about patches

Hammer and Nails

Rowhammer returns, Spectre fix unfixed, Wireguard makes a new friend, and much more

Roundup This week we dealt with buggered bookies, trouble at Ticketmaster, and a compromised Linux build from Gentoo. Here's what else went down during the week. Trustwave sued Some breaking news as we were typing away: two insurance companies, Lexington Insurance Co and Beazley Insurance Co in the US, are suing infosec biz Trustwave …
Shaun Nichols, 30 Jun 2018
A security guard asleep

Sophos SafeGuard anything but – thanks to 7 serious security bugs

Companies running Sophos security clients will want to update their software following the disclosure of seven privilege escalation flaws in the security suite. Sophos says its SafeGuard Enterprise Client, LAN Crypt client and Easy software on Windows are all vulnerable to the bugs, which can be exploited by an attacker to run …
Shaun Nichols, 26 Jun 2018
A screen door being repaired

Stop us if you've heard this one: Adobe Flash gets emergency patch for zero-day exploit

Adobe has kicked out an out-of-band update for a security vulnerability in Flash – after learning the bug was being actively exploited in the wild by hackers to hijack PCs. The Photoshop giant said today its Flash Player 30.0.0.113 update should be a top installation priority for Mac, Windows, and Linux systems. One of the …
Shaun Nichols, 7 Jun 2018
Cats eyes behind a zip

Loose .zips sink chips: How poisoned archives can hack your computer

Video Booby-trapped archive files can exploit vulnerabilities in a swath of software to overwrite documents and data elsewhere on a computer's file system – and potentially execute malicious code. Specifically, the flaws, dubbed "Zip Slip" by its discoverers at security outfit Snyk, are path traversals that can potentially be …
Shaun Nichols, 5 Jun 2018
Nexus 5X

It's August 2017 and your Android gear can be pwned by, oh look, just patch the things

Android users should be expecting a security update to land for the mobile operating system in short order, as Google has issued fixes for 99 CVE-listed programming cockups. This month's update has been released for the Pixel and Nexus lines and kicked out to other manufacturers and carriers, which will post their own updates …
Shaun Nichols, 9 Aug 2017

Adobe will kill Flash by 2020: No more updates, support, tears, pain...

Adobe has officially set a kill date for its beleaguered Flash. The Photoshop giant said today it plans to end support for the hacker-prone multimedia browser plugin by the end of 2020. This means no more updates for Flash Player after that date and the end of support on many browsers, including Chrome, Internet Explorer and …
Shaun Nichols, 25 Jul 2017

Why can't you install Windows 10 Creators Update on your old Atom netbook? Because Intel stopped loving you

Microsoft has blamed Intel for the sad trail of low-end PCs left out of the Windows 10 Creators Update rollouts. The Redmond giant says its latest flavor of Windows can't support machines powered by Intel's Atom Cloverview processor family because Chipzilla has stopped supporting those chips. Without Intel providing firmware …
Shaun Nichols, 20 Jul 2017

Don't panic, but Linux's Systemd can be pwned via an evil DNS query

Systemd, the Linux world's favorite init monolith, can be potentially crashed or hijacked by malicious DNS servers. Patches are available to address the security flaw, and should be installed ASAP if you're affected. Looking up a hostname from a vulnerable Systemd-powered PC, handheld, gizmo or server can be enough to trigger …
Shaun Nichols, 29 Jun 2017
Image by KUCO http://www.shutterstock.com/gallery-111070p1.html

What is this bullsh*t, Google? Nexus phones starved of security fixes after just three years

Google has published timelines for when it will kill off security patches for its Nexus-branded Android line. In a quiet update just before the weekend, the Chocolate Factory revealed both the Nexus 6 and Nexus 9 will no longer receive guaranteed security updates as of October of this year. The Nexus 6P and 5X will stop …
Shaun Nichols, 1 May 2017
Netgear R8000 router

WTF is your problem, Netgear? Another hijack hole found in its routers

Researchers are warning of a serious security hole that can be exploited to hijack potentially hundreds of thousands of Netgear routers. The programming blunder allows an attacker with access to the router to harvest the administrator access password. A victim could visit a malicious webpage that uses JavaScript to exploit the …
Shaun Nichols, 31 Jan 2017

Don't have a Dirty COW, man: Android gets full kernel hijack patch

Google has posted an update for Android that, among other fixes, officially closes the Dirty COW vulnerability. The December 2016 update covers a total of 74 CVE-listed security vulnerabilities in Android devices. These fixes should be landing on Nexus handsets devices very soon, if not already, and installed as soon as …
Shaun Nichols, 7 Dec 2016

The big day is here and it's time to decide: Patch Flash, Windows, Office or Android first?

Today is the second Tuesday of the month, and that means a fresh round of security updates from the likes of Microsoft, Adobe and Google. The November edition of Patch Tuesday brings with it fixes for Windows, Flash Player, Internet Explorer, Edge, Office and Android. For Microsoft, the monthly update comprises a total of 14 …
Shaun Nichols, 8 Nov 2016

Microsoft puts Windows Updates on a diet with 'differential downloads'

Microsoft will begin public trials of a new update system it says will dramatically reduce the size of Windows updates. The Unified Update Platform (UUP) will be available to Windows Insider users with the Windows 10 14959 build, and will eventually be offered to all supported versions of Windows on PCs, tablets, phones, …
Shaun Nichols, 3 Nov 2016

Dirty COW explained: Get a moooo-ve on and patch Linux root hole

Code dive Patch your Linux-powered systems, phones and gadgets as soon as possible, if you can, to kill off a kernel-level flaw affecting nearly every distro of the open-source operating system. Dubbed Dirty COW, the privilege-escalation vulnerability potentially allows any installed application, or malicious code smuggled onto a box, …
Shaun Nichols, 21 Oct 2016

Telnet, SSH prod of death smashes Cisco broadband boxes offline

Cisco has issued six software updates to address security vulnerabilities in its networking products, ranging from denial of service conditions to authentication bypasses. The most serious of the flaws is the authentication bypass hole in the Cisco Meeting Server. Cisco warns that, due to improper handling of XMPP messaging, a …
Shaun Nichols, 12 Oct 2016
Joey from the sitcom friends pokes his head around the door (invasively). Photo copyright NBC

Cisco snaps shut remote pwnage hole in Cloud Services Platform

Cisco has provided a patch to address a remote hijacking vulnerability in its Cloud Services Platform (CSP). Switchzilla said that all customers who run CSP 2100 software should install the 2.1.0 update to close a remote code execution flaw it considers to be a high security risk. Designed as an efficient way to manage …
Shaun Nichols, 21 Sep 2016
Man flexing for webcam

Windows 10 Anniversary Update completely borks USB webcams. Yay.

Microsoft says a fix is on the way for a video encoding issue in the Windows 10 Anniversary Update that has left people unable to access their USB webcams and applications. Multiple peeps and developers have reported issues with their cameras or software not working following the installation of the Windows 10 Anniversary …
Shaun Nichols, 19 Aug 2016
danger

Attention, small biz using Symantec AV: Smash up your PCs, it's the safest thing to do

If you're using Symantec's Endpoint Protection Small Business Edition (SEP SBE) then you can forget about security for a week or so, as the company won't be patching the "as bad as it gets" security holes in its software for a while. A Register reader who wishes to remain anonymous received an email from Symantec confirming …
Iain Thomson, 6 Jul 2016

Create a news alert about patches, or find more stories about patches.

Biting the hand that feeds IT © 1998–2018