Apple has released a set of security updates for the second time this month. The updates include fixes for vulnerabilities in macOS, Safari, watchOS, iOS and tvOS. There are a total of 56 CVEs. 33 vulnerabilities were fixed in macOS and 14 vulnerabilities in Safari. Eleven vulnerabilities in macOS lead to arbitrary code execution. 13 […]

PHP-FPM (FastCGI Process Manager) is an advanced PHP FastCGI implementation with added features, and it is very useful for heavily loaded sites. A vulnerability was discovered in PHP-FPM which has been exploited in the wild. NGINX servers with PHP-FPM are found to be vulnerable. The vulnerability is tracked as CVE-2019-11043 and classified as buffer underflow (CWE-124). […]

Mozilla Firefox Vulnerabilities: Mozilla released updates for Firefox and Firefox ESR. Thirteen vulnerabilities were fixed in Firefox and nine vulnerabilities in Firefox ESR. Mozilla has rated these updates as critical, which indicates that these security loopholes can be used by an attacker to run arbitrary code and install malicious software with minimal to no user […]

A critical vulnerability was discovered in the Linux kernel which allows attackers to crash or completely take over the operating system. Researchers claim that this bug has existed since at least 2015. This vulnerability was discovered by Nico Waisman, principal security engineer at GitHub. The vulnerability resides in the ‘rtlwifi’ driver component of […]

Cisco released 29 updates to address vulnerabilities in its products. One critical vulnerability was addressed in this set of updates. This vulnerability requires no authentication for exploitation and is remotely exploitable. 6 vulnerabilities are rated high in severity, of which 2 are related to Aironet. The other products which were […]

Oracle has released 219 new security patches as a part of the quarterly update cycle. 142 vulnerabilities are remotely exploitable without user credentials. Oracle MySQL received 34 security patches. 9 vulnerabilities allow an attacker to exploit the underlying flaws over the network without any form of authentication. CVE-2019-8457 is considered to be the most critical […]

Adobe released out-of-band security updates for four products. These updates addressed a total of 82 vulnerabilities. 46 vulnerabilities are rated critical and 31 vulnerabilities are rated important in severity. All the critical vulnerabilities lead to arbitrary code execution and 34 vulnerabilities lead to disclosure of sensitive information. Adobe Acrobat and Reader: 68 vulnerabilities were addressed […]

Linux users, beware! One of the most powerful and well-known command-line utilities, sudo, could help users gain superuser privileges in spite of the existing restrictions. With sudo installed in almost all flavors of UNIX-like operating systems, a large number of users could be affected. Who said security was easy? Right, […]

Apple released security updates a week ago which included a fix for a zero-day vulnerability. Morphisec discovered active exploitation of an Apple vulnerability by the BitPaymer/IEncrypt campaign. The BitPaymer/IEncrypt campaign has been targeting various public and private sector industries spread across the U.S. This campaign uses spearphishing emails as its initial infection vector and delivers Dridex malware. […]

iTerm2 is one of the most popular macOS terminal emulators and is a default choice for developers and administrators due to its extensive features like window transparency, full-screen mode, notifications, integration with tmux, etc. A critical remote code execution vulnerability has been discovered in iTerm2 by Radically Open Security, as part of an independent security […]