Apple Patches Multiple Vulnerabilities in macOS Big Sur and macOS Monterey including One Zero-day (CVE-2022-32894)

Apple has released security updates to address multiple vulnerabilities in macOS Big Sur and macOS Monterey. The vulnerability that Apple said is being exploited in the wild is CVE-2022-32894.    This is an out-of-bounds write flaw that could allow an attacker to execute an arbitrary code with kernel privileges. The vulnerability was reported by an … Continue reading “Apple Patches Multiple Vulnerabilities in macOS Big Sur and macOS Monterey including One Zero-day (CVE-2022-32894)”

Google Chrome Releases Fix for the Zero-day Vulnerability (CVE-2022-3075)

Google has released the latest Chrome version to address a zero-day vulnerability (CVE-2022-3075). Google has rated this vulnerability as high severity and acknowledged that it has been actively exploited in the wild.    This high severity vulnerability exists due to insufficient data validation in Mojo, which is a group of runtime libraries that offer a … Continue reading “Google Chrome Releases Fix for the Zero-day Vulnerability (CVE-2022-3075)”

Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2022-2294)

Google has released security updates for its Windows and Android users to address a high-severity, zero-day vulnerability in its Chrome browser. The vulnerability was discovered by Jan Vojtesek from the Avast Threat Intelligence team on 1st July. Tracked as CVE-2022-2294, the vulnerability is a heap-based buffer overflow vulnerability in the WebRTC (Web Real-Time Communications) component. This … Continue reading “Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2022-2294)”

Atlassian Confluence Server and Confluence Data Center Zero-day Remote Code Execution Vulnerability (CVE-2022-26134)

Atlassian released a security advisory on June 2nd, 2022, explaining a zero-day unauthenticated remote code execution vulnerability (CVE-2022-26134) in Confluence Server and Data Center. This remote code execution vulnerability was observed over the Memorial Day weekend in the United States by the Volexity incident response team. The vulnerability is being actively exploited in the wild … Continue reading “Atlassian Confluence Server and Confluence Data Center Zero-day Remote Code Execution Vulnerability (CVE-2022-26134)”

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (CVE-2022-30190)

Security researchers have discovered a new zero-day vulnerability in Microsoft Office, via Microsoft Support Diagnostic Tool (MSDT), that could be exploited to achieve code execution on affected systems simply by opening a malicious Word document.     The vulnerability, tracked as CVE-2022-30190, was discovered by a Japanese security researcher nao_sec, who tweeted a warning about the … Continue reading “Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (CVE-2022-30190)”

Nginx Zero-Day Remote Code Execution Vulnerability

A new zero-day vulnerability has been discovered in the Nginx LDAP-auth daemon implementation, which allows remote code execution on a vulnerable system.    Nginx is an open-source HTTP and reverses proxy server, a mail proxy server, and a generic TCP/UDP proxy server. Large numbers of servers use Nginx as a load balancer.     The … Continue reading “Nginx Zero-Day Remote Code Execution Vulnerability”

Spring Framework Zero-Day Remote Code Execution (Spring4Shell) Vulnerability

Update: On March 31, Spring provided official confirmation and CVE-2022-22965 is now assigned to this vulnerability. Qualys Research Team has released QIDs as of March 30 and will keep updating those QIDs as new information is available. On March 30, a new zero-day Remote Code Execution (RCE) vulnerability, “Spring4Shell” or “SpringShell” was disclosed in the Spring framework. An … Continue reading “Spring Framework Zero-Day Remote Code Execution (Spring4Shell) Vulnerability”

Google Chrome Releases Fix to Address Zero-day Vulnerability – CVE-2022-1096

Google has released an emergency update to address a high-severity zero-day vulnerability – CVE-2022-109). The vulnerability, reported by an anonymous security researcher, is said to be exploited in the wild.   This zero-day vulnerability is a type-confusion flaw in the Chrome V8 JavaScript engine. A type-confusion error arises when a resource (e.g., a variable or … Continue reading “Google Chrome Releases Fix to Address Zero-day Vulnerability – CVE-2022-1096”

Apache Log4j2 Zero-day Remote Code Execution Vulnerability Exploited in the Wild (CVE-2021-44228)

A remote code execution vulnerability in Apache Log4j2 was discovered on the Internet on December 9, 2021, and is actively being exploited in the wild. In Apache Log4j2, attackers can create customized requests to execute remote code. Users are recommended to examine related vulnerabilities as soon as possible due to the wide spectrum of impact … Continue reading “Apache Log4j2 Zero-day Remote Code Execution Vulnerability Exploited in the Wild (CVE-2021-44228)”

Grafana Releases Fix for Zero-day Vulnerability Exploited in the Wild (CVE-2021-43798)

Grafana Labs released an emergency security upgrade to fix a zero-day flaw that permitted remote access to local files. Security researchers released proof-of-concept code to exploit the flaw over the weekend. Before Grafana Labs gave out patches for affected versions 8.0.0-beta1 through 8.3.0, details regarding the issue became public earlier this week.    Tracked as CVE-2021-43798, this is … Continue reading “Grafana Releases Fix for Zero-day Vulnerability Exploited in the Wild (CVE-2021-43798)”