Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!
All Apple users have zero-days that need patching, though some have more zero-days than others.
Stay informed on infosec trends, threats, and strategies with the latest updates and expert insights in Information Security.
Search across headline titles and summaries.
Background for this topic.
Fixed is a status indicating that a security issue has been addressed through a corrective change, such as a software patch, code change, configuration update, or removal of an affected component. In vulnerability tracking, it usually describes the issue under specified conditions and versions; it does not automatically prove that every affected asset has been updated or that exploitation is impossible.
For vulnerability management, practitioners should verify the fix’s scope, deployment, and effectiveness through testing, rescanning, or other evidence. Incomplete rollout, an overlooked instance, a dependent vulnerable component, or a regression can leave exposure despite a “Fixed” label. Records should distinguish fixed from mitigated or accepted, identify affected assets and versions, and retain validation dates. If the issue was exploited before remediation, fixing it does not establish that an attacker’s access or changes have been removed; that requires separate investigation.
Weekly headline count for the current query.
All Apple users have zero-days that need patching, though some have more zero-days than others.
Last week, we wrote about a bunch of memory management bugs that were fixed in the latest security update for the popular OpenSSL encryption library. Along with those memory bugs, we also reported on a bug dubbed CVE-2022-4304: Timing Oracle in RSA Decryption. In this bug, firing the same encrypted message over and over again […]
In all the excitement, we kind of lost track ourselves. Were there six 0-days, or only four?
There's a zero-day patch, but it's not for the zero-day you thought.
24 existing bugs fixed. And, we hope, numerous potential future bugs prevented.
One vendor's zero-day is another vendor's routine patch...
We tried it out to make sure, so you don't have to.
Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank".
Fortunately, we're not talking about a robot revolution, or about hospital AI run amuck. But these bugs could lead to ransomware, or worse...