Apple releases patch for “unc0ver” jailbreak zero-day vulnerability

Apple has released a patch for a previously disclosed "Unc0ver" jailbreak 0-day vulnerability. The security updates and patch address iOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, watchOS 6.2.6, tvOS 13.4.6 and other products.

Continue Reading Apple releases patch for “unc0ver” jailbreak zero-day vulnerability

VMware patches multiple vulnerabilities in ESXi, Workstation, Fusion, VMRC and Horizon Client

VMware issued a security advisory for multiple vulnerabilities that impact VMware ESXi, Workstation, Fusion, VMRC and Horizon Client products. An attacker could exploit one of these vulnerabilities and take control of an unpatched system.

Continue Reading VMware patches multiple vulnerabilities in ESXi, Workstation, Fusion, VMRC and Horizon Client

Microsoft patches a privileged escalation vulnerability in Edge

Microsoft has issued an out-of-band patch for a privileged escalation vulnerability in Microsoft Edge (Chromium-based). Microsoft said the vulnerability CVE-2020-1195 exists in Edge when the Feedback extension improperly validates input.

Continue Reading Microsoft patches a privileged escalation vulnerability in Edge

Cisco patches Critical RCE vulnerability in Unified CCX software

Cisco patched a Critical RCE vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX). The company also addressed a DoS vulnerability in MDS 9000 Series Switches.

Continue Reading Cisco patches Critical RCE vulnerability in Unified CCX software

BIND and Microsoft DNS security updates

The Internet Systems Consortium (ISC) has released two security updates that fix vulnerabilities on multiple versions of BIND. In addition, Microsoft also issued a new DNS security advisory and workaround. The flaws could allow a remote attacker to exploit and cause a denial of service condition.

Continue Reading BIND and Microsoft DNS security updates

Patch these 10 most commonly exploited vulnerabilities

U.S. government cybersecurity experts are providing guidance on the "top 10" most commonly exploited vulnerabilites. The alert helps highlight the importance of patching and prioritizing vulnerabilities with known exploits.

Continue Reading Patch these 10 most commonly exploited vulnerabilities

450K internet-connected QNAP devices exposed to RCE vulnerabilities

A security researcher disclosed four vulnerabilities in QNAP PhotoStation and CGI programs. All QNAP network-attached storage (NAS) devices running Photo Station are vulnerable and of those, approximately 450,000 QNAS NAS devices are exposed to the internet.

Continue Reading 450K internet-connected QNAP devices exposed to RCE vulnerabilities