A security researcher has discovered a zero-day vulnerability CVE-2021-24084 in Windows Mobile Device Management that could allow information disclosure and local privilege escalation (LPE).
The Federal Bureau of Investigation (FBI) has issued a report of advanced persistent threat (APT) actors exploiting 0-day FatPipe MPVPN networking devices since at least May of 2021.
Microsoft has released the November 2021 Security Updates that includes patches for 55 vulnerabilities, 6 of those rated Critical. The updates also address 2 zero-day bugs being actively exploited in the wild.
Google has released the Android Security Bulletin for November 2021 with patches for 36 vulnerabilities, to include five High risk bugs and one zero-day being exploited in the wild.
Google has released Chrome 95 security update (95.0.4638.69) for Windows, Mac and Linux with fixes for multiple High risk vulnerabilities, 2 of those are being exploited in the wild.
Microsoft has released the October 2021 Security Updates that includes patches for 74 vulnerabilities, 3 of those rated Critical. The updates also address 4 zero-day bugs, 1 of those actively exploited in the wild.
Apple has released a security update for iOS 15.0.2 with fix for zero-day exploited in the wild.
The Apache HTTP Server Foundation has patched a path traversal and file disclosure vulnerability (CVE-2021-41773) in Apache HTTP Server 2.4.49.
Google has released Chrome 94 security update (94.0.4606.71) with patches for 2 zero-day vulnerabilities (CVE-2021-37975 and CVE-2021-37976) exploited in the wild.
Apple has released security updates to fix vulnerabilities in iOS 12.5.5 and macOS Catalina. The tech giant also warned of active exploits in the wild against some vulnerabilities.