Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security vulnerabilities. Chrome version 131 is now available in stable channels for Windows, Mac, Linux, and Android...
Google has released Chrome 91.0.4472.101 for Windows, Mac, and Linux, fixing 14 security vulnerabilities, including one zero-day vulnerability exploited in the wild (tracked as CVE-2021-30551). This marks the sixth Chrome zero-day exploited in the wild this year.
Hector Martin, a hacker who is porting Linux to Apple Silicon Macs through Asahi Linux, has discovered a novel covert channel vulnerability on the M1 chip, calling it ‘M1RACLES’ and tracked as CVE-2021-30747. The flaw lies in the design of the chip itself, allowing any two applications running under an OS to covertly exchange data between them without using memory, sockets, files, or any other features that are meant to be used for data exchange. "While this shouldn’t be allowed as it bypasses OS security layers, it is nothing to worry about in practice."
A set of dangerous vulnerabilities has been discovered in the Exim mail server. Remote code execution, privilege escalation to root and lateral movement through a victim’s environment are all on offer for the unpatched or unaware.
Security researchers have discovered an information disclosure vulnerability in the Linux kernel that can be exploited to leak data, at least on 32-bit Arm devices. A patch for the vulnerability has already been merged in the mainline kernel.
An information disclosure vulnerability in the Linux kernel that exposes stack memory (tracked as CVE-2020-28588) can be exploited to leak data and act as a springboard for further compromise.
Google has released version 90.0.4430.85 of the Chrome browser with seven security fixes, including one for a zero-day vulnerability that was exploited in the wild.
Google security researcher Andy Nguyen has disclosed long-awaited details of zero-click vulnerabilities in the Linux Bluetooth subsystem that allow nearby, unauthenticated attackers “to execute arbitrary code with kernel privileges on vulnerable devices”. Nguyen claims that his findings ultimately led to a safer, more stable kernel.
Linux does, occasionally, raise security concerns. While many users see it as the most secure, robust and versatile OS available, security precautions still have to be taken. Linus Torvalds' recent bug warning is a testament to the importance of taking a proactive, vigilant approach to security.
Cybersecurity researchers have identified two new vulnerabilities in Linux-based OSes that, if successfully exploited, could enable attackers to bypass mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory.
Canonical has released another Linux kernel security update for Ubuntu to address six vulnerabilities affecting the Linux 5.8 and 5.4 kernels of several Ubuntu releases. Update ASAP to prevent DoS, information leakage and other security threats.
Researchers have discovered three vulnerabilities capable of granting attackers root privileges on Linux systems if they are able to gain access through other methods. These bugs, which affect the iSCSI kernel subsystem, have existed for more than 15 years.
CentOS Linux 7 and Red Hat Enterprise Linux (RHEL) 7 are vulnerable to over a dozen kernel bugs. Red Hat has issued an important security update mitigating these flaws - patch now!
Canonical has published new Linux kernel security updates for all of its supported Ubuntu OS releases addressing up to six security vulnerabilities affecting all supported kernels. Patch now!
Maliciously constructed Wireshark packet capture files might be used to distribute malware, provided recipients can be tricked into double-clicking file URL fields. A CVE has been assigned to the security issue (now resolved through a recent update) due to its potential for harm, despite the fact that some social engineering trickery is required.
Three privilege escalation vulnerabilities that have managed to avoid detection since 2006 have been discovered in the Linux kernel. All three have been patched - update now!
Linus Torvalds has warned of a nasty security bug in the first release candidate (RC) of the Linux kernel 5.12, which he has deemed a "double ungood" that can have catastrophic consequences for a computer's filesystem.
Five high-severity Linux network security vulnerabilities have been found and fixed. Patch your systems immediately to protect your servers against DoS attacks!
Last summer, the GRUB bootloader was impacted by "BootHole" with security issues hitting its UEFI Secure Boot support. Now a new round of GRUB2 vulnerabilities affecting its UEFI Secure Boot support has been made public.
Malicious actors are exploiting a new 'Dependency Confusion' vulnerability to target Amazon, Zillow, Lyft, and Slack NodeJS apps and steal Linux/Unix password files and open reverse shells back to the attackers.