December 11, 2024 at 02:57PM Apple released significant security updates for iOS 18.2 and macOS Sequoia 15.2 to address vulnerabilities, including data leakage and code execution risks. Key patches target flaws in kernel, WebKit, and AppleMobileFileIntegrity components, and fix a critical defect in libexpat that could lead to unauthorized remote actions. ### Meeting Takeaways: 1. … Read more
December 11, 2024 at 01:33PM On December 11, 2024, Apple will release updates for tvOS 18.2, addressing multiple security vulnerabilities. Issues include improved checks and memory handling to prevent unauthorized access to sensitive data and potential memory corruption. The updates apply to Apple TV HD and Apple TV 4K models. ### Meeting Notes Summary **Apple … Read more
September 4, 2024 at 08:36AM Zyxel has released patches addressing critical vulnerabilities in their networking devices. The patches cover multiple access point and security router models, as well as firewall series devices. The vulnerabilities could allow remote attackers to execute arbitrary commands or cause a denial-of-service condition. Zyxel advises affected product owners to obtain the … Read more
August 22, 2024 at 02:51PM New security fixes are being rolled out for Chrome to address a high-severity type confusion bug, identified as CVE-2024-7971, in the V8 JavaScript engine. Google reported the presence of an exploit for this vulnerability. The updated version 128 of Chrome will address 38 vulnerabilities, including CVE-2024-7971, and is expected to … Read more
August 20, 2024 at 07:18AM In August 2024, F5 released patches for nine vulnerabilities, including high-severity flaws in BIG-IP and NGINX Plus. The most severe issue, CVE-2024-39809, impacts BIG-IP Next Central Manager, allowing attackers to access systems after user logout. F5 also addressed CVE-2024-39778, CVE-2024-39792, and CVE-2024-41727, as well as five medium-severity flaws. Mitigation actions … Read more
July 24, 2024 at 08:39AM Google released Chrome 127, addressing 24 vulnerabilities, with memory safety bugs and high-severity flaws the most prevalent. The update includes patches for high and medium-severity vulnerabilities, as well as low-severity issues, awarding over $55,000 in bug bounty rewards. Users are encouraged to update promptly, with specifics on vulnerabilities withheld until … Read more
July 2, 2024 at 09:22AM Splunk announced patches for 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including six high-severity bugs. The vulnerabilities include remote code execution flaws, command injection flaw, path traversal, and denial-of-service. Splunk also addressed medium-severity flaws. No mention of exploitation in the wild was made. Additional information is available on Splunk’s … Read more
June 27, 2024 at 10:04AM GitLab released security patches for GitLab Community Edition and Enterprise Edition, addressing 14 vulnerabilities, including critical and high-severity flaws. The critical issue, CVE-2024-5655, could allow unauthorized pipeline triggering. The updates also address various vulnerabilities, including cross-site scripting and improper authorization. Users are advised to update to versions 17.1.1, 17.0.3, or … Read more
April 3, 2024 at 06:24AM Google released patches for 28 Android vulnerabilities and 25 Pixel device bugs, including two actively exploited issues (CVE-2024-29745 and CVE-2024-29748). Notable among the flaws is CVE-2024-23704, a high-severity vulnerability in the System component. The update also addressed security issues in Qualcomm and MediaTek components and resolved bugs in Android Automotive … Read more
March 20, 2024 at 02:57PM GitHub introduced a new AI-powered feature, Code Scanning Autofix, which automatically provides potential fixes for vulnerabilities in JavaScript, Typescript, Java, and Python. The feature aims to speed up vulnerability fixes, reduce security risks, and reclaim developers’ time. GitHub plans to expand language support and has also enabled push protection for … Read more