Articles about patches

I found a security hole in Steam that gave me every game's license keys and all I got was this... oh nice: $20,000

A bloke has told how he discovered a bug in Valve's Steam marketplace that could have been exploited by thieves to steal game license keys and play pirated titles. Researcher Artem Moskowsky told The Register earlier this week that he stumbled across the vulnerability – which earned him a $20,000 bug bounty for reporting it – …
Shaun Nichols, 9 Nov 2018

Vulns in online shopping toolkit WooCommerce can blast a hole in your WordPress security

Updated: A vulnerability in the WooCommerce online store platform, used by over four million vendors, can be exploited to hijack WordPress installations hosting the software. Researchers at RIPSTech discovered and reported the flaw directly to WooCommerce's developers, who cleaned up the bug in version 3.4.6 – so make sure you're …
Shaun Nichols, 7 Nov 2018

Android fans get fat November security patch bundle – if the networks or mobe makers are kind enough to let 'em have it

Google today pushed out the November edition of its monthly Android security updates, giving carriers and device makers a fresh set of patches to install. Fingers crossed the patches are rolled out to you ASAP. The November bulletin contains fixes for three remote code execution flaws as well as a number of information …
Shaun Nichols, 6 Nov 2018

The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box

A security bug in Systemd can be exploited over the network to, at best, potentially crash a vulnerable Linux machine, or, at worst, execute malicious code on the box. The flaw therefore puts Systemd-powered Linux computers – specifically those using systemd-networkd – at risk of remote hijacking: maliciously crafted DHCPv6 …
Shaun Nichols, 26 Oct 2018

What a crane in the ass: Bug leaves construction machinery vulnerable to evil command injection

US-CERT is advising some customers of Telecrane construction cranes to patch their control systems – following the disclosure of a security bug that could allow a nearby attacker to wirelessly hijack the equipment. The government security body this week issued an alert on CVE-2018-17935, a vulnerability in the Telecrane F25 …
Shaun Nichols, 25 Oct 2018

Haven't updated your Adobe PDF software lately? Here's 85 new reasons to do it now

Adobe has posted an update to address 85 CVE-listed security vulnerabilities in Acrobat and Reader for both Windows and macOS. The PDF apps have received a major update that includes dozens of fixes for flaws that would allow for remote code execution attacks if exploited. Other possible attacks include elevation of privilege …
Shaun Nichols, 2 Oct 2018

Apple's dark-horse macOS Mojave is out (and it's already pwned)

Apple has posted the annual full overhaul of the Mac operating system, this time focusing on a redesign of the look and feel of the interface. The 10.14 incarnation of macOS, known as Mojave, has been released into general availability. It includes new features, interface updates, and security patches – though at least one …
Shaun Nichols, 24 Sep 2018

NUUO, do not want! CCTV webcams can be hacked to spy on you

Researchers have uncovered two flaws that leave more than 100,000 NUUO-powered internet-connected surveillance cameras open to remote takeover. Tenable Research on Monday laid claim to discovering two bugs in NUUO's Network Video Recorder firmware that can be exploited to covertly access a camera's video feed or simply take …
Shaun Nichols, 17 Sep 2018

Docker fave Alpine Linux suffers bug miscreants can exploit to poison containers

An infosec bod has documented a remote-code execution flaw in Alpine Linux, a distro that pops up a lot in Docker containers. Max Justicz, researcher and creator of crowd-sourced bug bounty system Bountygraph, said on Thursday that the vulnerability could be exploited by someone with man-in-the-middle (MITM) network access, or …
Shaun Nichols, 15 Sep 2018

Cisco loses focus over TelePresence blurry videoconferencing bug

Have you noticed that your big expensive Cisco TelePresence unit seems like it needs a pair of glasses? You're not alone. Switchzilla is advising companies using two of the older models of its video conferencing system to install a software update to address a defect in the camera that leaves users with a blurry picture. cisco …
Shaun Nichols, 12 Sep 2018

When is a patch not a patch? When it's for this McAfee password bug

A privilege escalation flaw in McAfee's True Key software remains open to exploitation despite multiple attempts to patch it. This according to researchers with security shop Exodus Intel, who claim that CVE-2018-6661 was not fully addressed with either of the two patches McAfee released for it. The flaw is an elevation of …
Shaun Nichols, 11 Sep 2018

Safari, Edge fans: Is that really the website you think you're visiting? URL spoof bug blabbed

A security researcher has disclosed a bug that could be abused to spoof website addresses in either Edge or Safari. Rafay Baloch told The Register that while Microsoft has since patched the flaw (CVE-2018-8383) in its browser, Apple has been dragging its feet on a fix for Safari for weeks, and the browser remains vulnerable …
Shaun Nichols, 11 Sep 2018

Now that's a fortune cookie! Facebook splats $5k command-injection bug in one of its servers

Facebook has patched a remote-code execution flaw discovered in one of its servers. Researcher Daniel 'Blaklis' Le Gall, of SCRT Information Security, said on Friday he bagged a $5,000 bug bounty from the social network for reporting a flaw that could be exploited to execute arbitrary commands using malicious cookies. Though …
Shaun Nichols, 24 Aug 2018

Well, can't get hacked if your PC doesn't work... McAfee yanks BSoDing Endpoint Security patch

McAfee has pulled a version of its Endpoint Security software after folks reported the antivirus software was crashing their Windows machines. The security giant said it has taken down the August update for Endpoint Security 10.5.4, and is advising anyone who has downloaded it, but not installed, to hold off installing it. " …
Shaun Nichols, 24 Aug 2018

Oracle: Run, don't walk, to patch this critical Database takeover bug

Oracle is advising customers to update their database software following the discovery and disclosure of a critical remote code execution vulnerability. The flaw, dubbed CVE-2018-3110, was given a CVSS base score of 9.9 (out of 10) and Oracle warns that successful exploit of the bug "can result in complete compromise of the …
Shaun Nichols, 14 Aug 2018

Hey, you know what a popular medical record system doesn't need? 23 security vulnerabilities

Fresh light has been shed on a batch of security vulnerabilities discovered in the widely used OpenEMR medical records storage system. A team of researchers at Project Insecurity discovered and reported the flaws, which were patched last month by the OpenEMR developers in version 5.0.1.4. With the fixes now having been out for …
Shaun Nichols, 7 Aug 2018

Whisk-y business: How Apache OpenWhisk hole left IBM Cloud Functions at risk of hijacking

IBM has patched a critical vulnerability in its Cloud Functions platform that would have allowed miscreants to remotely overwrite customers' code – and execute malicious commands to hijack services. The flaws, designated CVE-2018-11756 and CVE-2018-11757, are actually present in Apache OpenWhisk, a component Big Blue uses to …
Shaun Nichols, 24 Jul 2018

If at first you, er, make things worse, you're probably Microsoft: Bug patch needed patching

A remote code execution vulnerability in the Windows VBScript engine was left open for exploitation for two months after it was supposedly patched. In fact, the fix made things even worse by introducing another remotely exploitable bug in VBScript. This is all according to researchers at Qihoo 360, who today claimed a …
Shaun Nichols, 23 Jul 2018


Biting the hand that feeds IT © 1998–2018