Articles about bug

A finger pressing a delete key

Microsoft deletes deleterious file deletion bug from Windows 10 October 2018 Update

The world now knows why last week's Microsoft Windows 10 upgrade deleted unlucky users' files: the software treated the default user directory as ripe for destruction, because it thought the files were elsewhere. The upgrade has since been pulled. Last week, some unfortunate punters who hit the “download” button on the Windows …

Linux kernel 'give me root, now' security hole sighted, dubbed 'Mutagen Astronomy'

A Linux kernel vulnerability that can only be exploited locally is nonetheless proving a bit of a nuisance. It's a classic local privilege escalation bug, dubbed CVE-2018-14634, and lets an intruder or logged-in rogue user obtain root-level control over the machine. Eggheads at cloud security biz Qualys discovered the …
John Leyden, 27 Sep 2018
GHOST vulnerability

Open-source software supply chain vulns have doubled in 12 months

Use of vulnerable open source components has doubled over the last year despite their role in the high profile Equifax mega-breach. Sonatype’s fourth annual Software Supply Chain Report, published on Tuesday (available here, registration required), revealed a 120 per cent rise in the use of vulnerable open source components …
John Leyden, 25 Sep 2018
Mitsubishi Outlander Shutterstock Noraismail

Braking bad: Mitsubishi recalls 68k SUVs over buggy software

Japanese auto maker Mitsubishi has recalled more than 68,000 vehicles in the US affected by two separate software bugs. America's National Highway Traffic Safety Administration (NHTSA) issued two recalls, one affecting more than 59,000 2018-model SUVs because of a bug in the braking system's management unit. Included are 2018 …
Satya Nadella

You're doing open source wrong, Microsoft tsk-tsk-tsks at Google: Chrome security fixes made public too early

A few weeks ago, Google paid Microsoft $7,500 after Redmond's security gurus found, exploited and reported a vulnerability in the Chrome browser – a flaw that would allow malicious webpages to run malware on PCs. Now Microsoft isn't entirely happy with the way Google handled it, and having been schooled a few times on security …
Iain Thomson, 19 Oct 2017

Microsoft's fix for web graphics going AWOL? Disable your antivirus

If Internet Explorer 11 users exist, they may have noticed missing graphics in web apps. Now Microsoft has some free, helpful advice that might restore them: disable your antivirus. Microsoft's Browser Support team noted today that there are three special scenarios where Internet Explorer 11 web graphics elements are missing …
Andrew Silver, 30 Aug 2017

Bad data and new IT system bugs help knock 66% off Provident Financial share price

Software bugs and bad data in a new one-platform-to-rule-them-all IT system contributed heavily to British sub-prime loan firm Provident Financial going into near meltdown. Provident's shares crashed 66 per cent yesterday as the short-term loan company revealed that problems with its new IT system meant it could not collect …
Gareth Corfield, 23 Aug 2017
Bug

Crazy bug of the week: Gnome Files' .MSI parser runs evil VBScripts

Gnome developers, take a bow: a bug in your image thumbnailer has opened up a (not too scary, thankfully) hole for script injection. The security vulnerability was revealed this week by Nils Dagsson Moskopp here, and his advice for users is: “Delete all files in /usr/share/thumbnailers. Do not use GNOME Files. Uninstall any …
chart of Fusion debugging tool

Behold, auto-completing Android bug reports – because you're not very thorough

Auto-completion systems that attempt to finish your sentences when typing text messages or search queries can be a mixed blessing. Often, they save time. But they can also get in the way when they make incorrect guesses about intended input. In the context of software bug reporting, however, auto-completion – adding additional …
Thomas Claburn, 15 May 2017
Angry man on laptop. Illustration via Shutterstock

Cisco boxen hang after 213-and-a-half days

If you're the lucky owner of Cisco Firepower or Adaptive Security Appliance devices, check the version number and see if you need to reboot your kit. Switchzilla has discovered an operational (that is, not security) bug that makes the devices hang after continuous operation for around 18,446,400 seconds (213-and-a-half days …
Poison pill

Sloppy iOS apps expose 'encrypted' user traffic

Seventy-six iOS applications with an accumulated 18 million downloads between them are vulnerable to having their encrypted HTTPS traffic compromised. That's the assertion made by Sudo Security's Will Strafach, who turned up the bugs while developing a scanner to analyse app binaries. Strafach told The Register the problems …
plasters cover arm. photo by shutterstock

Got an OpenBSD Web server? Better patch it

OpenBSD and two of its SSL libraries need patches against a pair of denial-of-service bugs that can crash Web-facing servers. The first is in the operating system's SSL implementation, specifically in the HTTP daemon. An advisory says that daemon can be crashed with repeated SSL renegotiation. A single renegotiation thread, …
Radbot teaser image by Damon Hart-Davis

Testing times: Between some IoT code and a hard place

Radbot Every company has its ups and downs. Those downs could be exploding phones or a sudden unmovable overstock of Clinton merchandise (or conversely an uptick in Trump-the-statesman t-shirt demand). Bigger organisations can better absorb the illness of a member of staff or a surge in demand beyond all expectations, although no one …
Delta Airlines, photo by Lerner Vadim via Shutterstock

Power cut crashes Delta's worldwide flight update systems

Updated A computer outage has caused worldwide delays for thousands of passengers using Delta Airlines. The US carrier tweeted about the issues on Monday morning, blaming delayed and cancelled flights on a “computer outage." Delta, based in Atlanta, Georgia, subsequently blamed the crash on a massive power cut at 2.38am ET (7.38am …
Gavin Clarke, 8 Aug 2016
Mambo Unlimited's gold bug. Pic: Steve Caplin

OpenSSH has user enumeration bug

A bug in OpenSSH allows an attacker to check whether user names are valid on a 'net-facing server - because the Blowfish algorithm runs faster than SHA256/SHA512. The bug hasn't been fixed yet, but in his post to Full Disclosure, Verint developer Eddie Harari says OpenSSH developer Darren Tucker knows about the issue and is …
Bug

SQLite developers need to push the patch

SQLite has pushed out an update to fix a local tempfile bug, to address concerns that the bug could be exploitable beyond the merely local. The bug was found by KoreLogic and reported to the popular open source database project, before being published at Full Disclosure. The issue is that SQLite creates its tempfiles in a …
Lexus screen

Lexus cars suffer Purple Screen of Death – code bug turns the air blue

US owners of later-model Lexus cars have had a frustrating day after an over-the-air update left the entertainment and navigation systems locked in a loop of restarts and flashing purple hues. Lexus has blamed "errant data" that was broadcast to some Lexi sold after 2014, causing the system controlling navigation, audio, …
Iain Thomson, 9 Jun 2016

IBM warns of 'bug poachers' who exploit holes, steal info, demand big bucks

At least 30 companies have been hit in the past year by so-called "bug poaching," where hackers break into corporate servers, steal data, and then demand a fee for showing how it was done. The technique, spotted by IBM's Managed Security Services researchers, involves miscreants breaking into a corp's servers, typically using …
Iain Thomson, 1 Jun 2016

Create a news alert about bug, or find more stories about bug.

Biting the hand that feeds IT © 1998–2018