vulnerability
Latest
TikTok patched an exploit that could've let attackers steal user phone numbers
TikTok has fixed a serious flaw discovered by the security firm Check Point Research.
iPhone security flaw let spies hack dozens of Al Jazeera journalists
A security vulnerability in iPhones let spies hack dozens of Al Jazeera journalists using an NSO Group tool.
Valve patched Steam bugs that could have allowed hackers to take over PCs
Check Point Research found four vulnerabilities within the company’s Steam Sockets network library.
iPhone exploit gave hackers control over WiFi without your input
Apple recently fixed an iOS exploit that let intruders control your phone over WiFi without any interaction on your part.
Hackers could have locked users inside a smart chastity device
A security vulnerability in a chastity sex toy could have let attackers lock you in permanently, on top of sharing messages and location data.
Grindr flaw allowed hijacking accounts with just an email address
A Grindr vulnerability allowed anyone who knows a user’s email address to easily reset their password and hijack their account. A French security researcher named Wassime Bouimadaghene discovered the flaw and tried to report it to the dating service. When support closed his ticket and he didn’t hear back, he asked for help from security expert Troy Hunt, who worked with another security expert (Scott Helme) to set up a test account and confirm that the vulnerability does exist.
Homeland Security warns of a 'critical' security flaw in Windows servers
Homeland Security has issued an emergency alert for a Windows security flaw, Zerologon, that allows attackers to compromise entire networks.
Google Drive flaw may let attackers fool you into installing malware
Google Drive reportedly has a security flaw that lets attackers use version control to install malware on users' devices.
OKCupid security flaws could have given hackers access to user accounts
Security researchers discovered vulnerabilities in OKCupid's website and dating apps.
Microsoft is patching a dangerous Windows DNS Server exploit
If you're running a Microsoft DNS server, patch it, now.
'Sign in with Apple' flaw let attackers take over accounts
A recently fixed 'Sign in with Apple' bug would have let intruders take control of accounts.
Qatar’s contact tracing app put over one million people’s info at risk
A security flaw in Qatar’s contact tracing app put the personal information of more than one million people at risk.
The latest iOS jailbreak cracks virtually any iPhone
A new jailbreak can open up virtually any iOS device, including ones using Apple's latest software.
Multiple antivirus apps are vulnerable to common security flaws
At least 28 well-known antivirus apps could be exploited by shared security flaws, and a few are still vulnerable now.
Apple says Mail app vulnerabilities don't pose an 'immediate risk' to users
Apple has downplayed the danger of a Mail bug disclosed recently by a security firm, according to a tweet from analyst Rene Ritchie.
Apple Mail for iPhone may be vulnerable to malware attacks (updated)
Security researchers say they've found a flaw in iOS' Mail app that lets attackers deliver malware without user input, although evidence is scarce.
Safari flaw let intruders hijack cameras on iPhones and Macs
If you're working on a Mac at home or reconnecting with friends on an iPhone, you'll want to be sure you have the latest security updates. Security researcher Ryan Pickren has detailed recently patched Safari vulnerabilities that allowed intruders to hijack the cameras and microphones on iOS and macOS devices. A maliciously crafted website could trick Safari into believing the page had the same camera and mic permissions as one you'd already cleared, such as Skype. The attacker just needed a combination of specially-made web addresses with scripts to perform a "bait-and-switch."
Microsoft warns Windows users of two security holes already under attack
Today, Microsoft warned billions of Windows users that hackers are actively exploiting two critical zero-day vulnerabilities that could allow bad actors to take complete control of targeted computers. According to a security advisory, the vulnerabilities are being used in "limited targeted attacks," and all supported Windows operating systems could be at risk.
Microsoft issues emergency Windows 10 patch for leaked vulnerability
Microsoft has released an unscheduled patch for a security bug that it accidentally disclosed during the release of its March 2020 patch several days ago. While difficult to exploit, the vulnerability is "critical" because it could allow malicious code to automatically spread from one machine to another. By releasing the fix now, Microsoft aims to avoid a chain reaction scenario that played out with the WannaCry and NotPetya viruses in 2017.
AMD CPUs for the past 9 years are vulnerable to data leak attacks
It's not just Intel chips that are vulnerable to hard-to-fix security flaws. Researchers at the Graz University of Technology have detailed a pair of side-channel attacks under the "Take A Way" name that can leak data from AMD processors dating back to 2011, whether it's an old Athlon 64 X2, a Ryzen 7 or a Threadripper. Both exploit the "way predictor" for the Level 1 cache (meant to boost the efficiency of cache access) to leak memory content. The Collide+Probe attack lets an intruder monitor memory access without having to know physical addresses or shared memory, while Load+Reload is a more secretive method that uses shared memory without invalidating the cache line.