bug

Google has released a security update fixing a major flaw in the Chrome browser. While Chrome normally updates automatically, it's a serious enough problem that it's worth manually checking for updates to the browser in order to be certain. The bug ... was highlighted by the Center for Internet Security, a non-profit organization that crowd sources security problems and fixes. It says the flaw could be exploited simply by the user visiting a compromised web page. It says that: "Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the ... (view more)

Google says it has found half a dozen major security flaws in Apple's iPhone messaging system. A new iOS update fixes five of the problems, but Google says one remains unpatched. The flaws were discovered by Google's Project Zero, a department that ... takes its name from the idea of "zero day" bugs . That's where would-be hackers become aware of a security issue before the relevant software developers are able to patch the bug. The zero day bugs are then exploited which often results in elevated privileged access levels given to a rogue program. The problems are with iMessage, the instant ... (view more)

If you're still on Windows 7 or earlier, you need to make sure you have a recent security patch installed as soon as possible. It fixes a very serious operating system exploit, dubbed "BlueKeep". Note that a firewall and antivirus will not block ... operating system exploits , which is why using an unsupported operating system is incredibly dangerous . The bug is in the way that Remote Desktop Protocol (RDP) works. Remote Desktop Protocol lets somebody on one computer see and control another computer in another location. It has some extremely useful applications such as working away ... (view more)

The National Security Agency (NSA) is refusing to comment on claims a tool it developed has been used in a ransomware attack on the Baltimore city government. The New York Times says the attackers used a tool called "EternalBlue." The attackers have ... encrypted Baltimore government systems and demanded between $76,000 and $114,440 (depending on the account) to restore access. Officials have refused to pay and used workarounds including some manual processing of files and switching to Gmail for internal communications. It seems the attack was carried out using EternalBlue, which is ... (view more)

Apple has released a patch for mobile devices which covers 51 security flaws. It's sparked debate over Apple's security levels and the way it issues such updates. The patch is for iOS, taking it up to version 12.2. Apple doesn't issue standalone ... security updates. Instead, it builds it into the main update for the system, which also includes new features or bug fixes. (Source: apple.com ) The most notable fix is a bug in an API (application program interface), which lets third party software interact with Apple services. In this case, the API bug could allow malware to access an iPhone, iPad ... (view more)

According to a recent report, Microsoft products made up eight of the ten most exploited software bugs last year according to a security company. That's higher than in recent years, largely because Adobe Flash is becoming a less rewarding target for ... hackers as it loses popularity. As recently as 2015, most of the top ten involved bugs with Flash. Microsoft took the unwanted lead in 2017 with seven entries on the list. (Source: bleepingcomputer.com ) Internet Explorer Tops The List The top spot for 2018 went to a bug in the Windows VBScript engine . That's a tool that handles code designed for ... (view more)

A security researcher says he's found a major security flaw in the Mac's password storage tool. But he's refusing to publish the details as a protest against Apple's "bug bounty" program. Linuz Henze has produced a video showing what he calls an ... exploit of the Keychain feature in MacOS Mojave, the current edition of the operating system for Mac computers. Keychain is an application on Macs that lets users save passwords for online accounts and digital certificates so that they don't have to type them in again. Users can also open Keychain and access a full list of passwords. Normally every ... (view more)

Microsoft has begun rolling out the October 2018 update for Windows 10 for a second time. It doesn't take a much of a look at the calendar to reveal that things went very badly . The release is one of the twice-yearly updates that replace the old ... model of having small updates every month and then a completely new edition of Windows every few years. The October update had a variety of problems including: Key document folders being irretrievable deleted in some cases if they weren't stored in the default disk location. Some computers being completely silenced after the update rolled out an ... (view more)

A security researcher has found a way to crash the Firefox browser and even Windows itself. Sabri Haddouche has demonstrated the technique to highlight the risk that it could be misused. The bug is shown off at Haddouche's site Browser Reaper, which ... he created to chart his interest in denial of service attacks. Normally such attacks involve flooding a website with bogus visits until it is overloaded and becomes unavailable to ordinary users. However, Haddouche has been exploring the technique from the other perspective: forcing a browser to deal with so much traffic that it crashes. Epic Name ... (view more)

Both Microsoft and Google are warning of another bug in computer processors. It's similar to previous bugs known as 'Spectre' and 'Meltdown'. For now the new issue has the less dramatic codenames 'Speculative Store Bypass Variant 4' and ... 'CVE-2018-3639'. As with Spectre and Meltdown , it involves a processor function known as speculative execution that's meant to improve computation processes. Unlike some bugs, it's classed as a low risk to users but is significant because of the sheer number of computers that could be affected. The processor is the part of the computer that physically carries ... (view more)