VMware Workstation and VMware Fusion Zero-day Vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, & CVE-2023-20872)

VMware has released a security advisory to address four vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, & CVE-2023-20872). Out of this, two vulnerabilities can be chained to perform remote code execution on the vulnerable Workstation and Fusion software hypervisors.  On the second day of the Pwn2Own Vancouver 2023 hacking competition, the security researchers from the STAR Labs team … Continue reading “VMware Workstation and VMware Fusion Zero-day Vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, & CVE-2023-20872)”

Mozilla Releases Patches for Two Zero-day Vulnerabilities Affecting Firefox and Thunderbird (CVE-2022-1802, CVE-2022-1529)

Mozilla has released a security patch to address two zero-day vulnerabilities (CVE-2022-1802 and CVE-2022-1529) exploited during the Pwn2Own Vancouver 2022 hacking contest. Successful exploitation of these vulnerabilities allows attackers to get JavaScript code execution on mobile and desktop devices running vulnerable versions of Firefox, Firefox ESR, Firefox for Android, and Thunderbird.    The ability to … Continue reading “Mozilla Releases Patches for Two Zero-day Vulnerabilities Affecting Firefox and Thunderbird (CVE-2022-1802, CVE-2022-1529)”

Apple Releases Emergency Updates for Two Zero-Day Vulnerabilities (CVE-2022-22674 & CVE-2022-22675)

Apple has released security updates to patch two zero-day vulnerabilities (CVE-2022-22674 and CVE-2022-22675) exploited by attackers to hack iPhones, iPads, and Macs. Apple revealed active exploitation in the wild but did not provide any other information about the attacks.     Withholding this information should allow security patches to reach as many iPhones, iPads, and Macs … Continue reading “Apple Releases Emergency Updates for Two Zero-Day Vulnerabilities (CVE-2022-22674 & CVE-2022-22675)”

Mozilla Firefox Releases Updates to Address Two Zero-day Vulnerabilities (CVE-2022-26485 & CVE-2022-26486)

Firefox is a free and open-source web browser for Windows, OS X, and Linux, as well as an Android mobile version.   Mozilla has released out-of-band software upgrades for its Firefox web browser to address two high-impact security flaws. According to the advisory, both vulnerabilities were actively exploited in the wild.    Mozilla has patched … Continue reading “Mozilla Firefox Releases Updates to Address Two Zero-day Vulnerabilities (CVE-2022-26485 & CVE-2022-26486)”

CISA releases deadline for patching Google Chrome and Adobe Magneto zero-day vulnerabilities (CVE-2022-24086 & CVE-2022-0609)

The US Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its list of regularly exploited vulnerabilities. This list includes two zero-days that affect Google Chrome and Adobe Commerce/Magento Open Source.    CISA stated that until March 1st, 2022, all Federal Civilian Executive Branch Agencies (FCEB) must install patches for these two … Continue reading “CISA releases deadline for patching Google Chrome and Adobe Magneto zero-day vulnerabilities (CVE-2022-24086 & CVE-2022-0609)”

Apple releases security updates to fix severe vulnerabilities including two zero-day exploits

Apple has released a security update to address various previously exploited vulnerabilities including one exploited in the wild. The security update covers the serious security bugs in macOS and iOS/iPadOS.  The first zero-day (CVE-2022-22587) is a memory corruption flaw that a malicious app might use to run arbitrary code with kernel privileges. The vulnerability affects … Continue reading “Apple releases security updates to fix severe vulnerabilities including two zero-day exploits”

Google Chrome releases emergency updates to address two zero-day vulnerabilities (CVE-2021-38000 and CVE-2021-38003)

Google released an emergency update for its Chrome web browser on Thursday. According to the company, this update includes fixes for two zero-day vulnerabilities (CVE-2021-38000 and CVE-2021-38003) that are being actively exploited in the wild. The new 95.0.4638.69 version is available for Windows, Mac, and Linux and addresses seven vulnerabilities, including these two zero-days.    “Google is aware that exploits for CVE-2021-38000 and … Continue reading “Google Chrome releases emergency updates to address two zero-day vulnerabilities (CVE-2021-38000 and CVE-2021-38003)”

Apple releases emergency update to address the arbitrary code execution zero-day vulnerability (CVE-2021-30883)

On Monday, Apple released an iPhone security update to fix a major vulnerability that is being exploited in the wild. With the latest patch, the corporation has now resolved a total of 17 zero-days in 2021 – a new high.    The vulnerability CVE-2021-30883 involves a memory corruption flaw in the IOMobileFrameBuffer component. This flaw allows an application to run arbitrary … Continue reading “Apple releases emergency update to address the arbitrary code execution zero-day vulnerability (CVE-2021-30883)”

Apache fixes the HTTP Path Traversal Vulnerability (CVE-2021-41773)

Apache Software Foundation has published HTTP Web Server version 2.4.50 to fix the CVE-2021-41773 vulnerability in Apache Server version 2.4.49. This is a path traversal and file disclosure flaw that could allow attackers to gain access to sensitive data, and according to the report, is being actively exploited. The Apache HTTP Server is a cross-platform, … Continue reading “Apache fixes the HTTP Path Traversal Vulnerability (CVE-2021-41773)”

Apple macOS Finder Remote Code Execution Zero-Day Vulnerability

A zero-day security flaw in Apple’s macOS Finder system has been detected. This vulnerability allows remote attackers to fool users into running arbitrary commands. Zero-day vulnerabilities are defects that have been publicly published but have not yet been patched by the vendor. These vulnerabilities are sometimes actively exploited by attackers or have publicly available proof-of-concept exploits. … Continue reading “Apple macOS Finder Remote Code Execution Zero-Day Vulnerability”