patch
Latest
Blizzard pledges to fix (or refund) 'Warcraft III: Reforged'
It's only been a few days since Blizzard launched Warcraft III: Reforged, but fans have made it clear that they are not happy. In response, Blizzard says it is "sorry to those of you who didn't have the experience you wanted." The company promises that at least a handful of fixes are on the way.
Intel is patching its Zombieload CPU security flaw for the third time
For the third time in less than a year, Intel has disclosed a new set of vulnerabilities related to the speculative functionality of its processors. On Monday, the company said it will issue a software update "in the coming weeks" that will fix two more microarchitectural data sampling (MDS) or Zombieload flaws. This latest update comes after the company released two separate patches in May and November of last year.
Microsoft is patching a major Windows 10 flaw discovered by the NSA (updated)
The IT world was waiting on pins and needles today for a high-profile Microsoft Windows 10 security patch, and now we know why. The US National Security Agency (NSA) acknowledged it has discovered a serious flaw in Windows 10 that could expose users to surveillance or serious data breaches, as reported initially by the Washington Post. That was backed by Krebs on Security, which reported that the NSA confirmed that it did find a major vulnerability that it passed on to Microsoft.
Homeland Security wants you to update your Firefox browser right now
The Department of Homeland Security is urging Firefox users to update their browsers. The rare warning was issued earlier this week, after Mozilla released two critical security updates. According to the Cybersecurity and Infrastructure Security Agency (CISA), the exploit could allow hackers to "take control of an affected system."
Google's new policy gives developers more time to address security flaws
Google's Project Zero disclosure program is supposed to encourage releases of security fixes in a timely fashion, but things haven't gone according to plan. Premature disclosures, half-hearted fixes and other issues have been a little too common. The company might address some of those problems in 2020, though. It recently revised its policies in a bid to encourage both more "thorough" security patches and wider adoption of those patches. Most notably, Google will wait 90 days to disclose a flaw even if it's fixed well ahead of that deadline. If developers act quickly, they'll have more time to both distribute patches and make sure that fixes address the root cause of a flaw.
'Death Stranding' update will fix tiny, hard-to-read text
One of the more prevalent criticisms of Hideo Kojima's Death Stranding is that the onscreen text is often pretty small and difficult to read. Kojima Productions has been working on a fix for the issue, and you'll be able to increase the font size.
Samsung's fix for Galaxy S10 fingerprint scanning will roll out soon
Samsung is acting on its promise to fix its fingerprint reader security flaw. The tech firm is alerting Galaxy S10, S10+, Note 10 and Note 10+ owners that it'll send a notification for the patch "within 24 hours" (clearly less time than that as you read this) for anyone who has registered a fingerprint on their device. You'll have a fix well before the weekend. Samsung is also asking anyone who has used the phone with a screen protector to delete and re-register their prints without the protector installed, since it might include "incorrect" info.
Samsung says fix for Galaxy 10 fingerprint flaw is coming 'next week'
Earlier this week Samsung confirmed that an issue regarding screen protectors allowed some of its flagship devices to be bypassed with any fingerprint. Now, the company has said it will fix the problem in a patch which may come as soon as next week.
LastPass patched a bug that could have exposed your passwords
If you use LastPass to manage your passwords, now would be a good time to make sure you're running the latest version, 4.33.0. As Gizmodo reports, LastPass recently patched a bug that could have been used to compromise users' security credentials. The patch should have arrived automatically, but as a precaution, it's worth making sure you're running the September 12th update.
Apple re-fixes a bug that let users jailbreak iPhones
Apple fixed a vulnerability that temporarily allowed hackers to jailbreak iPhones. The bug was first fixed in iOS 12.3 but reintroduced in iOS 12.4. Hackers discovered the flaw earlier this month and shared a free public jailbreak just for the fun of it. Today, Apple released iOS 12.4.1, which should take care of the vulnerability once and for all.
'Fortnite' finally nerfs the hated B.R.U.T.E. mechs
With the debut of Fortnite season X a few weeks ago, Epic Games added some superpowered B.R.U.T.E. mech suits to its battle royale game. According to the company, its mechs were intended to help level the playing field, but many high-level and even more every day-type players complained that they were just too powerful. Epic responded initially by limiting their appearances during the game's competitive mode, and added a new weapon, the "junk rift," that could help players fight back against them. That still wasn't enough to make players happy, and now changes are live across all platforms for Fortnite that have significantly depowered the B.R.U.T.E. by reducing the number of missiles it fires, how fast it fires them, the radius of the explosions caused by its weapons, and reduced spawning rates. Also, now players can't pick up materials while stomping or dashing through the environment.
Hackers make jailbreaking iPhones a thing again
In the iPhone's early days, hackers would "jailbreak" the iPhone in order to install third-party apps that weren't available through the App Store. It's been a while since anyone seriously needed to jailbreak their iPhone, as there are plenty of apps and more customizable operating systems to choose from. But this weekend, hackers dusted off their jailbreaking skills when a vulnerability was discovered in iOS 12.4. Security researcher Pwn20wnd released the first free public jailbreak for a fully updated iPhone in years.
Even DSLR cameras are vulnerable to ransomware
Cameras are among the few devices that don't connect to the internet, so you'd think they'd be immune to hackers. However, researchers have discovered that some DSLRs and mirrorless cameras are actually vulnerable to ransomware attacks, of all things. Once in range of your camera's WiFi, a bad actor could easily install malware that would encrypt your valuable photos unless you paid for a key.
Apple quietly updates Macs to remove Zoom webcam exploit
It's not just Zoom scrambling to fix the exploit that allowed intruders to hijack Mac webcams. Apple has issued a silent, automatic update to macOS that removes the web server used to streamline access to the video conferencing app. The update isn't completely necessary when Zoom has already issued its own patch, but this ensures that people running older Zoom releases won't be vulnerable.
Zoom will remove server behind Mac webcam security hole
Zoom is acting quickly on the security flaw that let intruders hijack Mac users' webcams. The video conferencing firm is releasing a patch on July 9th (that's today, if you're reading in time) that removes access to the local web server behind the vulnerability. It'll also let you manually uninstall Zoom and remove all traces of the app so that there's no chance of an exploit later on. Another update, due for the weekend of July 12th, will also ensure that rookies who choose "always turn off my video" will automatically have their preferences honored in those situations where a meeting host would normally require that video switches on.
EA patched Origin security flaws that put millions of users at risk
EA patched flaws in its Origin platform that could have enabled hackers to hijack and exploit millions of users' accounts. The vulnerabilities were spotted by Check Point Research and CyberInt, and once exploited, they could have allowed player account takeover and identity theft. The cybersecurity companies alerted EA, which was quick to take action.
A fix for the OnePlus 7 Pro's 'phantom tap' issue is on the way
The OnePlus 7 Pro has only been on the market for a matter of days, and some users are reporting problems with their screens. Some owners are dealing with "phantom taps," which cause the device to register false inputs when they haven't touched the screen. There are suggestions that turning off NFC works as a stopgap to fix the problem, which seems to be a software issue -- OnePlus plans to roll out a patch to resolve it "in the coming weeks."
Install updates now to address a vulnerability in most Intel CPUs
In January 2018, a pair of security exploits dubbed Spectre and Meltdown showed how attackers could take advantage of commonly-implemented CPU technology to access data they shouldn't have been able to. They were followed by a similar bug, Foreshadow, late last year, and now researchers have uncovered four different techniques that exploit Intel's speculative execution technology in a similar way. The website CPU.fail has collected information about each vulnerability -- they're collectively referred to as Microarchitectural Data Sampling (MDS) -- including Zombieload, RIDL & Fallout, and Store-to-Leak Forwarding. Example code shows how the attacks could be launched using malicious JavaScript, for example, and researchers state that it would be difficult for antivirus software to detect it, however they have not found evidence of anyone using the tech in attacks so far.
Verizon patches FiOS routers to fix three security flaws
Of all the home network devices we need to keep secure, there might not be any one more important than the router itself. For Verizon (the owner of Engadget's parent company) FiOS home internet customers, it's time to double check that your gear has been updated with the latest firmware update after Tenable Research identified several vulnerabilities in the Quantum Gateway G1100. If exploited, someone could control it and According to a breakdown of the vulnerabilities, they would mostly require someone to be connected on the local network itself, however it could also be vulnerable if remote administration is enabled and someone had the credentials that are printed on a sticker attached to the device. Tenable notified Verizon of the problem in December, and a firmware update to fix affected devices started rolling out March 1st. As Bleeping Computer notes, at least one person reported some issues after it was installed, although it was resolved after a factory reset of the device.
ASUS releases fix for ShadowHammer malware attack
ASUS may have inadvertently pushed malware to some of its computers through its update tool, but it at least has a fix ready to go. The PC maker has released a new version of its Live Update software for laptops that addresses the ShadowHammer backdoor attack. It also promised "multiple security verification mechanisms" to reduce the chances of further attacks, and started using an "enhanced end-to-end encryption mechanism." There are upgrades to the behind-the-scenes server system to prevent future attacks, ASUS added.
