Mozilla fixes Firefox zero-day actively exploited in attacks

October 9, 2024 at 01:38PM

Mozilla released an emergency security update for Firefox to fix a critical use-after-free vulnerability (CVE-2024-9680) in Animation timelines, currently exploited in attacks. Affected versions are Firefox 131.0.2, Firefox ESR 115.16.1, and Firefox ESR 128.3.1. Users are urged to upgrade immediately for protection. …

Adobe fixes Acrobat Reader zero-day with public PoC exploit

September 11, 2024 at 01:44PM

A critical “use after free” vulnerability (CVE-2024-41869) in Adobe Acrobat Reader could lead to remote code execution through specially crafted PDF documents. The flaw was discovered in June; an initial security fix was ineffective, but a new release has addressed the issue. This discovery stems from cybersecurity researcher Haifei Li’s EXPMON platform, aiming …

Chrome 126 Update Patches Memory Safety Bugs

June 25, 2024 at 03:54AM

Google announced a new Chrome security update addressing four high-severity memory safety vulnerabilities. Three defects were reported by ‘wgslfuzz’ and the fourth by Cassidy Kim. wgslfuzz received a $10,000 reward for CVE-2024-6290 and Kim $4,000 for CVE-2024-6291. The update, version 126.0.6478.126 for Linux and 126.0.6478.126/127 for Windows and macOS, includes …

Chrome 126, Firefox 127 Patch High-Severity Vulnerabilities

June 12, 2024 at 06:18AM

Google and Mozilla released Chrome 126 and Firefox 127, respectively, with patches for high-severity memory safety vulnerabilities. Google awarded over $160,000 in bug bounty rewards to external researchers. The highest reward of $100,115 was for CVE-2024-5839, related to a medium-severity inappropriate Memory Allocator implementation. Firefox’s update addresses 15 vulnerabilities, including …

Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability

May 10, 2024 at 07:00AM

Google released security updates to fix a zero-day flaw (CVE-2024-4671) in Chrome actively exploited in the wild. The vulnerability involves use-after-free in the Visuals component, reported by an anonymous researcher on May 7, 2024. This is the second zero-day addressed by Google in 2024. Users are advised to upgrade their …

Google fixes fifth Chrome zero-day exploited in attacks this year

May 10, 2024 at 04:09AM

Google has released a security update for the Chrome browser to fix the fifth zero-day vulnerability of 2024, which is a high-severity “use after free” issue in the Visuals component. The update addresses potential data leakage, code execution, and crashes. Users are advised to confirm they have the latest version …

About the security content of GarageBand 10.4.11 – Apple Support

March 12, 2024 at 02:21PM

Summary: Apple ID HT214090 addresses CVE-2024-23300, a use-after-free issue in GarageBand. The release on 2024-03-12 includes improved memory management to mitigate potential impact. Users of macOS Ventura and macOS Sonoma are advised to install the update to prevent unexpected app termination or arbitrary code execution when processing malicious files. Based …

Chrome 120 Update Patches High-Severity Vulnerabilities

December 13, 2023 at 07:00AM

Google announced the release of a Chrome 120 security update addressing nine vulnerabilities, with six reported by external researchers. The most severe resolved vulnerability is a type confusion bug in the V8 JavaScript engine, tracked as CVE-2023-6702. Google paid out bug bounties totaling $50,000 and has restricted access to vulnerability details. The …

About the security content of iOS 17.1 and iPadOS 17.1 – Apple Support

October 25, 2023 at 02:36PM

Summary: Apple has released a security update addressing multiple vulnerabilities in various products. The issues include privacy concerns, memory handling improvements, authentication and UI issues, and potential arbitrary code execution. Affected products include Contacts, CoreAnimation, Find My, ImageIO, IOTextEncryptionFamily, Kernel, Mail Drafts, mDNSResponder, Passkeys, Photos, Pro Res, Siri, Status Bar, …

About the security content of Safari 17.1 – Apple Support

October 25, 2023 at 02:36PM

Summary: Apple has addressed several security vulnerabilities in the WebKit software. These issues could potentially lead to arbitrary code execution or denial-of-service attacks when processing web content. Updates are available for macOS Monterey and macOS Ventura. …