Apple has released security advisories to address a vulnerability in WebKit. The vulnerability has been assigned with the CVE-2023-23529. It affects multiple devices, including macOS, iPadOS, and iOS. Apple has mentioned in its advisory that they are aware of a report that the CVE-2023-23529 may have been actively exploited. The zero-day vulnerability might be used … Continue reading “Apple Patches Zero-day Vulnerability in WebKit (CVE-2023-23529)”
Tag: Zero-day Vulnerability
Citrix Application Delivery Controller (ADC) and Citrix Gateway Arbitrary Code Execution Vulnerability (CVE-2022-27518)
Citrix has released patches for an actively exploited zero-day vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway. Tracked as CVE-2022-27518, this critical vulnerability could allow arbitrary code execution on the vulnerable system on successful exploitation. Citrix states in the blog, “We are aware of a small number of targeted attacks in the … Continue reading “Citrix Application Delivery Controller (ADC) and Citrix Gateway Arbitrary Code Execution Vulnerability (CVE-2022-27518)”
Google Releases Emergency Update to Fix Actively Exploited Zero-day Vulnerability in its Chrome Browser (CVE-2022-4262)
Chrome has released security updates for Windows, Mac, and Linux to fix the zero-day vulnerability. Tracked as CVE-2022-4262, it is a type confusion vulnerability in the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group has reported this vulnerability. Google has acknowledged the active exploitation of this vulnerability in the wild. … Continue reading “Google Releases Emergency Update to Fix Actively Exploited Zero-day Vulnerability in its Chrome Browser (CVE-2022-4262)”
Google Releases Patch for an Actively Exploited Zero-day Vulnerability in its Chrome Browser (CVE-2022-4135)
Google has released an update for Chrome browser on Windows, Mac, and Linux to address a high-severity zero-day vulnerability (CVE-2022-4135). The vulnerability was discovered by Clement Lecigne of Google’s Threat Analysis Group. “Google is aware that an exploit for CVE-2022-4135 exists in the wild.”, says the advisory released by Google on November 24, 2022. … Continue reading “Google Releases Patch for an Actively Exploited Zero-day Vulnerability in its Chrome Browser (CVE-2022-4135)”
Google Patches Zero-day vulnerability in Chrome Browser (CVE-2022-3723)
Google released patches to address a zero-day vulnerability in the Chrome browser. Tracked as CVE-2022-3723, it is a high-severity vulnerability in the Chrome V8 JavaScript engine. The vulnerability was discovered and reported by Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast. “Google is aware of reports that an exploit for CVE-2022-3723 exists in the … Continue reading “Google Patches Zero-day vulnerability in Chrome Browser (CVE-2022-3723)”
Microsoft Exchange Server Zero-day Vulnerabilities (CVE-2022-41040 and CVE-2022-41082) (ProxyNotShell)
Vietnamese cybersecurity outfit GTSC has reported two critical vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 via the Zero-day initiative (ZDI-CAN-18333 and ZDI-CAN-18802). The first flaw (CVE-2022-41040) is a Server-Side Request Forgery (SSRF) vulnerability. The second flaw (CVE-2022-41082) allows remote code execution (RCE) when PowerShell is accessible to the attacker. Microsoft has mentioned in … Continue reading “Microsoft Exchange Server Zero-day Vulnerabilities (CVE-2022-41040 and CVE-2022-41082) (ProxyNotShell)”
Trend Micro Patches Multiple Vulnerabilities in Apex One (On-Premise) Including One Zero-day (CVE-2022-40139)
Trend Micro has released a security advisory addressing multiple vulnerabilities (CVE-2022-40140, CVE-2022-40141, CVE-2022-40142, CVE-2022-40143, CVE-2022-40144) in Apex One (On-Premise) and Apex One as a Service. The advisory states, “Trend Micro has observed at least one active attempt of potential exploitation of CVE-2022-40139 in the wild.” It typically takes physical or remote access to a … Continue reading “Trend Micro Patches Multiple Vulnerabilities in Apex One (On-Premise) Including One Zero-day (CVE-2022-40139)”
Apple Patches Multiple Vulnerabilities in macOS Big Sur and macOS Monterey including One Zero-day (CVE-2022-32894)
Apple has released security updates to address multiple vulnerabilities in macOS Big Sur and macOS Monterey. The vulnerability that Apple said is being exploited in the wild is CVE-2022-32894. This is an out-of-bounds write flaw that could allow an attacker to execute an arbitrary code with kernel privileges. The vulnerability was reported by an … Continue reading “Apple Patches Multiple Vulnerabilities in macOS Big Sur and macOS Monterey including One Zero-day (CVE-2022-32894)”
Google Chrome Releases Fix for the Zero-day Vulnerability (CVE-2022-3075)
Google has released the latest Chrome version to address a zero-day vulnerability (CVE-2022-3075). Google has rated this vulnerability as high severity and acknowledged that it has been actively exploited in the wild. This high severity vulnerability exists due to insufficient data validation in Mojo, which is a group of runtime libraries that offer a … Continue reading “Google Chrome Releases Fix for the Zero-day Vulnerability (CVE-2022-3075)”
Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2022-2294)
Google has released security updates for its Windows and Android users to address a high-severity, zero-day vulnerability in its Chrome browser. The vulnerability was discovered by Jan Vojtesek from the Avast Threat Intelligence team on 1st July. Tracked as CVE-2022-2294, the vulnerability is a heap-based buffer overflow vulnerability in the WebRTC (Web Real-Time Communications) component. This … Continue reading “Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2022-2294)”