Category Archives: security update

December 2018 Patch Tuesday: Microsoft patches Windows zero-day exploited in the wild

It’s Patch Tuesday again and, as per usual, both Microsoft and Adobe have pushed out patches for widely-used software packages. The Microsoft patches Microsoft’s December 2018 Patch Tuesday release is pretty lightweight: the company has plugged 38 CVE-numbered security holes, nine of which are considered to be Critical. Among the most notable bugs in this batch are CVE-2018-8611, an elevation of privilege vulnerability that arises when the Windows kernel fails to properly handle objects in … More

The post December 2018 Patch Tuesday: Microsoft patches Windows zero-day exploited in the wild appeared first on Help Net Security.

Adobe’s Year-End Update Patches 87 Flaws in Acrobat Software

Adobe is closing out this year with its December Patch Tuesday update to address a massive number of security vulnerabilities for just its two PDF apps—more than double the number of what Microsoft patched this month for its several products. Adobe today released patches for 87 vulnerabilities affecting its Acrobat and Reader software products for both macOS and Windows operating systems, of

Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack

Microsoft today, on its year-end December Patch Tuesday, released security updates to patch a total 39 vulnerabilities its Windows operating systems and applications—10 of which are rated as critical and other important in severity. One of the security vulnerabilities patched by the tech giant this month is listed as publicly known at the time of release, and one is a zero-day reported as being

Apple releases security updates for Macs, iDevices, AppleTV

Another month, another set of Apple security updates: if you’re using macOS, iOS, Shortcuts for iOS, tvOS, Safari, and iCloud and iTunes for Windows, it’s time to get patching. The updates The Safari, iCloud and iTunes updates have a lot of overlap – two Safari bugs that can lead to address bar or user interface spoofing, six WebKit issues that can be triggered by the processing of maliciously crafted web content to achieve remote code … More

The post Apple releases security updates for Macs, iDevices, AppleTV appeared first on Help Net Security.

Critical Kubernetes privilege escalation flaw patched, update ASAP!

A critical privilege escalation vulnerability affecting the popular open source cluster management and container orchestration software Kubernetes has been patched on Monday. The project maintainers are urging users to update their installations as soon as possible, since the flaw can be easily exploited remotely by unauthenticated attackers to gain access to vulnerable Kubernetes clusters and the applications and data within them. About the vulnerability (CVE-2018-1002105) CVE-2018-1002105 affects the Kubernetes API server – more specifically, its … More

The post Critical Kubernetes privilege escalation flaw patched, update ASAP! appeared first on Help Net Security.

Adobe plugs critical RCE Flash Player flaw, update ASAP! Exploitation may be imminent

Adobe has released a Flash Player update that plugs a critical vulnerability (CVE-2018-15981) that could lead to remote code execution, and is urging users to implement it as soon as possible. The flaw affects Flash Player 31.0.0.148 and earlier versions on Windows, macOS, Linux and Chrome OS, and details about it are already publicly available, the company warned. About CVE-2018-15981 CVE-2018-15981 was discovered and publicly disclosed by researcher Gil Dabah last week. “The interpreter code … More

The post Adobe plugs critical RCE Flash Player flaw, update ASAP! Exploitation may be imminent appeared first on Help Net Security.

“Classic” bugs open TP-Link’s SafeStream Gigabit Broadband VPN Router to attack

Cisco Talos researchers have flagged four serious vulnerabilities in TP-Link’s SafeStream Gigabit Broadband VPN Router (TL-R600VPN). All four affect the device’s HTTP server, and can lead to denial of service, information disclosure, and remote code execution. About the vulnerabilities The flaws affect TP-Link TL-R600VPN, hardware versions 2 and 3. Numbered CVE-2018-3948 and CVE-2018-3949, respectively, the flaws that can be exploited for DoS and information disclosure can be triggered via an unauthenticated web request and a … More

The post “Classic” bugs open TP-Link’s SafeStream Gigabit Broadband VPN Router to attack appeared first on Help Net Security.

Adobe Patch Tuesday November Fixed Multiple Information Disclosure Vulnerabilities

This week, Adobe released its monthly scheduled update bundle addressing vulnerabilities within its different products. The Adobe patch Tuesday November

Adobe Patch Tuesday November Fixed Multiple Information Disclosure Vulnerabilities on Latest Hacking News.