Apple Zero-Day Arbitrary Code Execution Vulnerabilities (CVE-2021-30858 and CVE-2021-30860)

Apple released an emergency security release on September 13, 2021 to address two arbitrary code execution vulnerabilities, CVE-2021-30858 and CVE-2021-30860. According to Apple, both vulnerabilities allow maliciously crafted documents to execute arbitrary code on vulnerable devices. Apple addressed the issue saying, “Apple is aware of a report that this issue may have been actively exploited.” …

Google Chrome Zero-Day Type Confusion Vulnerability (CVE-2021-30563)

Another zero-day vulnerability of Google Chrome was in the news in mid-July 2021. The zero-days prior to this one were as follows: CVE-2021-21148 – February 4th, 2021; CVE-2021-21166 – March 2nd, 2021; CVE-2021-21193 – March 12th, 2021; CVE-2021-21206 – April 13th, 2021; CVE-2021-21220 – April 13th, 2021; CVE-2021-21224 – April 20th, 2021; CVE-2021-30551 – June 9th, …

Google Chrome Zero-Day Use-After-Free Vulnerability (CVE-2021-30554)

The seventh zero-day of Google Chrome was the talk of the town in mid-June 2021, two weeks after the sixth zero-day was observed in the wild. The earlier six zero-days were: CVE-2021-21148 – February 4th, 2021; CVE-2021-21166 – March 2nd, 2021; CVE-2021-21193 – March 12th, 2021; CVE-2021-21220 – April 13th, 2021; CVE-2021-21224 – April 20th, 2021 …

Google Chrome Zero-day Type confusion Vulnerability

The sixth zero-day of Google Chrome was the talk of the town during the June 2021 Patch Tuesday. The earlier 5 zero-days were: CVE-2021-21148 – February 4th, 2021; CVE-2021-21166 – March 2nd, 2021; CVE-2021-21193 – March 12th, 2021; CVE-2021-21220 – April 13th, 2021; CVE-2021-21224 – April 20th, 2021. Google states that they are “aware …

Google Chrome and Microsoft Edge Zero-day Remote Code Execution Vulnerability

The second and effective zero-day on Chromium-based browsers such as Google Chrome and Microsoft Edge was posted consecutively, just after yesterday’s zero-day RCE. This time, Frust, a security researcher, tweeted about a zero-day remote code execution vulnerability creating havoc in the browser-based vulnerability trend. He has released a working proof-of-concept exploit. Unless a threat …

Google Chrome Zero-day Remote Code Execution Vulnerability

Rajvardhan Agarwal, a security researcher, recently tweeted about a zero-day remote code execution vulnerability creating havoc in the browser-based vulnerability trend. He released a working proof-of-concept exploit for the RCE for the V8 JavaScript engine in Chromium-based browsers. This zero-day concerns a remote code execution vulnerability in the V8 JavaScript rendering engine that powers the web …

Apache Solr Arbitrary File Read Vulnerability (Zero Day)

Recently, a critical zero-day vulnerability was observed in Apache Solr. Apache Solr, written in Java, is an open-source enterprise search platform from the Apache Lucene project. Its major features include full-text search, hit highlighting, faceted search, real-time indexing, dynamic clustering, database integration, NoSQL features and rich document handling. As it has a dynamic range of …

Microsoft Fixes Exchange Server Zero-Days Exploited in Active Attacks

Overview: Microsoft released out-of-band updates today that fix seven critical vulnerabilities in Microsoft Exchange Server. According to the Microsoft Security Response Center, four of these seven vulnerabilities are used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Description: Today Microsoft releases several security updates for Microsoft Exchange Server to address …

SonicWall SMA 100 Series 10.X Zero-Day Vulnerability

SonicWall is one of the latest IT security vendors, after Microsoft, FireEye, and Malwarebytes, to confirm a breach in recent weeks. All vendors disclosed cyberattacks related to the massive SolarWinds attack campaign targeting major US government agencies and businesses. SonicWall has issued a security advisory addressing a patch for the zero-day vulnerability used in attacks …

Two Zero-days in Google Chrome

On November 11, 2020, Google Chrome issued an update announcement for the browser across all platforms. Google confirmed that the “stable channel” desktop Chrome browser is being updated to version 86.0.4240.198 across Windows, Mac, and Linux platforms. As per Google’s official sources, this urgent update will start rolling out over the coming few days or weeks. About …