Articles about patches

macOS Sierra

Apple gets around to patching all the other High Sierra security holes

Apple has released a security update to address nearly two dozen vulnerabilities in macOS High Sierra. The update comes little more than a week after Apple had to kick out an emergency fix to close up a glaring hole in macOS that allowed anyone with access to a Mac (either in person or remote) to bypass the login screen and …
Shaun Nichols, 7 Dec 2017

As Apple fixes macOS root password hole, here's what went wrong

Code dive Apple has emitted an emergency software patch to address the trivial to exploit vulnerability in macOS High Sierra, version 10.13.1, that allowed miscreants to log into Macs as administrators without passwords and let any app gain root privileges. The Cupertino iPhone giant kicked out the fix, Security Update 2017-001, today …
Shaun Nichols, 29 Nov 2017
Larry Ellison on stage at Oracle's cloud pricing announcement

Oracle scrambles to sew up horrid security holes in PeopleSoft's Tuxedo

Oracle has published an out-of-band software update to address a handful of security flaws in parts of the PeopleSoft HR software. The House of Larry said this week the five CVE-listed vulnerabilities all sit within the Jolt component of Tuxedo, an application server used by PeopleSoft to handle non-Java applications. "Since …
Shaun Nichols, 16 Nov 2017
Android logo

KRACK whacked, media playback holes packed, other bugs go splat in Android patch pact

Google has released its November security update for Android, addressing a bag of security holes. You should install them as soon as they are available for your phone, tablet and other gadgets. Depending on your mobile carrier and device manufacturer, they may arrive immediately, soon, late or never. Among the holes covered …
Shaun Nichols, 7 Nov 2017
IK Multimedia AmpliTube on GarageBand

GarageBanned: Apple's music app silenced in iOS 11 iCloud blunder

Apple is working on a fix for a bug in iOS 11 that prevents some peeps from running GarageBand. The iPhone maker says fans have reported the music-making application no longer launches properly after installing the new iOS update with iCloud integration switched on. Disabling iCloud access for GarageBand, through the iCloud …
Shaun Nichols, 13 Oct 2017
A man reading a bad document

It's 2017... And Windows PCs can be pwned via DNS, webpages, Office docs, fonts – and some TPM keys are fscked too

Microsoft today released patches for more than 60 CVE-listed vulnerabilities in its software. Meanwhile, Adobe is skipping October's Patch Tuesday altogether. Among the latest holes that need papering over via Windows Update are three vulnerabilities already publicly disclosed – with one being exploited right now by hackers to …
Shaun Nichols, 10 Oct 2017
iPhone 8 and 8 Plus

Snap, crackle ... patch! Apple kicks out iOS 11.0.2 to tackle crappy calls, fix email glitches

Apple has pushed out a software update to address the handful of bugs that were nagging its latest iPhone models and flavor of iOS. The iOS 11.0.2 release consists of a trio of fixes that were reported by fans shortly after the arrival of version 11.0 of the operating system and iPhone 8 and 8 Plus last month. Most notably, …
Shaun Nichols, 4 Oct 2017

Nasty firmware update butchers Samsung smart TVs so bad, they have to be repaired

Owners of Samsung smart TVs say their swish sets are basically unusable after a bungled firmware update. In fact, the update was so bad, it looks as though it will require people to send or bring their televisions back to base for repair to correct the cockup. Folks on Samsung UK's support forums report that an update …
Shaun Nichols, 24 Aug 2017
An empty courtroom

US court system bug opened hole for hackers to scoop up legal docs for free on victims' dime

A cross-site forgery vulnerability in the American court system's document archive PACER has been fixed. The bug could have been exploited to hijack accounts and retrieve civil and criminal lawsuit files on victims' dime. PACER, run by the Administrative Office of the US Courts, is a massive searchable trove of records, …
Shaun Nichols, 9 Aug 2017
Nexus 5X

It's August 2017 and your Android gear can be pwned by, oh look, just patch the things

Android users should be expecting a security update to land for the mobile operating system in short order, as Google has issued fixes for 99 CVE-listed programming cockups. This month's update has been released for the Pixel and Nexus lines and kicked out to other manufacturers and carriers, which will post their own updates …
Shaun Nichols, 9 Aug 2017

Adobe will kill Flash by 2020: No more updates, support, tears, pain...

Adobe has officially set a kill date for its beleaguered Flash. The Photoshop giant said today it plans to end support for the hacker-prone multimedia browser plugin by the end of 2020. This means no more updates for Flash Player after that date and the end of support on many browsers, including Chrome, Internet Explorer and …
Shaun Nichols, 25 Jul 2017

Why can't you install Windows 10 Creators Update on your old Atom netbook? Because Intel stopped loving you

Microsoft has blamed Intel for the sad trail of low-end PCs left out of the Windows 10 Creators Update rollouts. The Redmond giant says its latest flavor of Windows can't support machines powered by Intel's Atom Cloverview processor family because Chipzilla has stopped supporting those chips. Without Intel providing firmware …
Shaun Nichols, 20 Jul 2017

Don't panic, but Linux's Systemd can be pwned via an evil DNS query

Systemd, the Linux world's favorite init monolith, can be potentially crashed or hijacked by malicious DNS servers. Patches are available to address the security flaw, and should be installed ASAP if you're affected. Looking up a hostname from a vulnerable Systemd-powered PC, handheld, gizmo or server can be enough to trigger …
Shaun Nichols, 29 Jun 2017
Image by KUCO http://www.shutterstock.com/gallery-111070p1.html

What is this bullsh*t, Google? Nexus phones starved of security fixes after just three years

Google has published timelines for when it will kill off security patches for its Nexus-branded Android line. In a quiet update just before the weekend, the Chocolate Factory revealed both the Nexus 6 and Nexus 9 will no longer receive guaranteed security updates as of October of this year. The Nexus 6P and 5X will stop …
Shaun Nichols, 1 May 2017
Netgear R8000 router

WTF is your problem, Netgear? Another hijack hole found in its routers

Researchers are warning of a serious security hole that can be exploited to hijack potentially hundreds of thousands of Netgear routers. The programming blunder allows an attacker with access to the router to harvest the administrator access password. A victim could visit a malicious webpage that uses JavaScript to exploit the …
Shaun Nichols, 31 Jan 2017

Don't have a Dirty COW, man: Android gets full kernel hijack patch

Google has posted an update for Android that, among other fixes, officially closes the Dirty COW vulnerability. The December 2016 update covers a total of 74 CVE-listed security vulnerabilities in Android devices. These fixes should be landing on Nexus handsets devices very soon, if not already, and installed as soon as …
Shaun Nichols, 7 Dec 2016

The big day is here and it's time to decide: Patch Flash, Windows, Office or Android first?

Today is the second Tuesday of the month, and that means a fresh round of security updates from the likes of Microsoft, Adobe and Google. The November edition of Patch Tuesday brings with it fixes for Windows, Flash Player, Internet Explorer, Edge, Office and Android. For Microsoft, the monthly update comprises a total of 14 …
Shaun Nichols, 8 Nov 2016

Microsoft puts Windows Updates on a diet with 'differential downloads'

Microsoft will begin public trials of a new update system it says will dramatically reduce the size of Windows updates. The Unified Update Platform (UUP) will be available to Windows Insider users with the Windows 10 14959 build, and will eventually be offered to all supported versions of Windows on PCs, tablets, phones, …
Shaun Nichols, 3 Nov 2016

Create a news alert about patches, or find more stories about patches.

Biting the hand that feeds IT © 1998–2017