Microsoft Exchange Server Authenticated SSRF Vulnerability (Zero Day)

A researcher affiliated with Trend Micro’s Zero Day Initiative (ZDI) recently disclosed an authenticated Server-Side Request Forgery (SSRF) zero-day vulnerability within the Microsoft Exchange Server. At the time of writing, the vulnerability was not assigned a CVE identifier. The researcher reported that Microsoft has acknowledged the vulnerability. Microsoft does not plan to release an immediate …

Mozilla Patches Zero-day Heap Buffer Overflow Vulnerability (CVE-2023-4863)

Mozilla has released a security patch to address a zero-day vulnerability. Tracked as CVE-2023-4863, the vulnerability is rated as critical. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code or crash the application on devices running vulnerable versions of Firefox, Firefox ESR, and Thunderbird. Earlier this week, Google addressed the CVE …

Apple Patches Actively Exploited Zero-day Vulnerability in macOS Ventura, iOS and iPadOS (CVE-2023-37450)

Apple has released patches for an actively exploited zero-day vulnerability in macOS Ventura, iOS, and iPadOS. Apple has mentioned in the advisory that they are aware of the issue being exploited. The vulnerability, CVE-2023-37450, was reported by an anonymous researcher. CISA has added the zero-day vulnerability to its Known Exploited Vulnerabilities Catalog and recommended users …

Apple Patches Actively Exploited Zero-day Vulnerability in iOS and iPadOS (CVE-2022-42856)

Apple has released an update to address an actively exploited zero-day vulnerability in WebKit. Tracked as CVE-2022-42856, this is a type confusion vulnerability that could allow arbitrary code execution on a vulnerable device. Clément Lecigne of Google’s Threat Analysis Group discovered this vulnerability. The advisory says, “This issue may have been actively exploited …

Apple Releases Security Updates to patch two Zero-Day Vulnerabilities (CVE-2022-32893 and CVE-2022-32894)

Apple has rolled out emergency security updates to patch two zero-day vulnerabilities known to be under exploitation to hack iPhones, iPads and Macs. The two zero-days are being tracked as CVE-2022-32893 and CVE-2022-32894. The vulnerabilities are known to affect all iPhones, iPads and macOS. CVE-2022-32893 is an out-of-bounds vulnerability that might lead to arbitrary code …

Google Chrome Zero-Day Insufficient Input Validation Vulnerability (CVE-2022-2856)

Google has rolled out patches for its Chrome browser addressing multiple vulnerabilities, including a high-severity zero-day vulnerability (CVE-2022-2856). Google addressed the vulnerability, stating, “Google is aware that an exploit for CVE-2022-2856 exists in the wild.” The security update is currently rolling out for Windows, Mac and Linux operating systems. Google described the zero-day (CVE-2022-2856) …

Cisco Releases Patch for Zero-day XR Software Health Check Open Port Vulnerability (CVE-2022-20821)

Cisco has released a patch for a zero-day vulnerability in its IOS XR router software. Tracked as CVE-2022-20821, the vulnerability could allow an unauthenticated attacker to remotely access Redis instances running in NOSi Docker containers. The vulnerability was found during the resolution of a Cisco TAC support case. The vulnerability affects Cisco …

Grafana Releases Fix for Zero-day Vulnerability Exploited in the Wild (CVE-2021-43798)

Grafana Labs released an emergency security upgrade to fix a zero-day flaw that permitted remote access to local files. Security researchers released proof-of-concept code to exploit the flaw over the weekend. Details regarding the issue became public earlier this week, before Grafana Labs released patches for affected versions 8.0.0-beta1 through 8.3.0. Tracked as CVE-2021-43798, this is …

Microsoft’s New Zero-day Windows Local Privilege Escalation Vulnerability (CVE-2021-41379)

Attackers are actively exploiting a zero-day vulnerability in Windows Installer. The vulnerability was found after a Microsoft patch for another security weakness failed to adequately repair the initial and unrelated bug. A security researcher found this Windows Installer Elevation of Privilege vulnerability, tracked as CVE-2021-41379. The vulnerability allows threat actors with limited access to a compromised device to elevate …

Palo Alto Networks PAN-OS GlobalProtect Portal and Gateway Interfaces Memory Corruption Vulnerability (CVE-2021-3064)

Palo Alto Networks (PAN) released an update addressing the vulnerability CVE-2021-3064, which was discovered and disclosed by Randori. The vulnerability affects PAN firewalls that use the GlobalProtect Portal VPN and allows for unauthenticated remote code execution on susceptible product installations. The zero-day vulnerability has a severity rating of 9.8. The vulnerability chain …