The Mozilla Foundation yesterday issued a security update for Firefox and Firefox Extended Support Release, which were found to contain an actively exploited, critical vulnerability in the IonMonkey JIT compiler. “Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion,” reads an official advisory
Tag: exploited
Google app vulnerability being exploited in the wild: Trend Micro
The Sidewinder APT group has been actively abusing a Binder vulnerability in at least three apps found in the Google Play store. The three apps, all file manager and photography tools, were uploaded starting in March 2019, but have since been removed. The apps involved are Camero, FileCrypt and callCam. The vulnerability effects several Android devices,
Amazon’s Ring partners with National Center for Missing & Exploited Children to put missing posters in Neighbors app
Microsoft fixes exploited privilege elevation flaw, 34 more bugs
For its final Patch Tuesday release of the year, Microsoft Corporation issued a series of security updates that fixed a total of 35 vulnerabilities, seven of which were deemed critical and one of which was found to be actively exploited. The most severe flaws consist of remote code execution vulnerabilities in
Exploited Android flaw ‘StrandHogg’ enables phishing overlays, malicious permissions
Attackers have been actively exploiting an Android vulnerability that allows malicious apps to display dangerous permission requests and phishing overlays under the guise of a legitimate app. Dubbed StrandHogg (an old Norse Viking term), the flaw resides in Android’s taskAffinity control setting, and can be successfully abused without having to first
Microsoft revises and re-releases patch for exploited Internet Explorer bug
Microsoft Corp. yesterday re-released a security update for CVE-2019-1367, a critical remote execution bug in Internet Explorer that has been actively exploited. The new release expands upon the previous emergency out-of-band update, which took place Sept. 23. According to reports, the company’s earlier effort to distribute a patch was only available
Reports: Actively exploited zero-day found in vBulletin forum software
The vBulletin Internet forum software package reportedly contains a critical zero-day remote code execution vulnerability that attackers have been actively exploiting, possibly as far back as three years ago. Multiple news organizations are reporting that a researcher studying the well-known forum software published a pre-auth RCE exploit for the bug on vBulletin’s