Apple zero-day drama for Macs, iPhones and iPads – patch now!
Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...
Patch management fixes known software flaws before attackers exploit them, reducing intrusion risk; prioritize critical systems and verify deployment.
Search across headline titles and summaries.
Background for this topic.
Patch is a software, firmware, or configuration update that fixes a defect, including a vulnerability an attacker could use to gain access, execute code, escalate privileges, or expose data. Patching reduces the exploitable attack surface across operating systems, applications, network devices, and embedded systems; it does not remove risk from unsupported or misconfigured assets, and updates can sometimes introduce compatibility or availability problems.
Effective patch management starts with an accurate inventory and vulnerability assessment, then prioritizes internet-facing systems, high-impact assets, and flaws known to be exploited. Organizations should test updates where practical, deploy them within defined time limits, verify installation, and retain rollback or compensating controls when immediate patching is unsafe. Monitoring vendor advisories and threat intelligence can identify urgent fixes, while documenting exceptions and coverage supports vulnerability management and audit requirements.
Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...
A memory issue affects myriad iPhone, iPad and MacOS devices and allows attackers to execute arbitrary code after processing malicious web content.
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added to the catalog of vulnerabilities another 15 security issues actively used in cyberattacks. [...]
Apple on Thursday released security updates for iOS, iPadOS, macOS, and Safari to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company's third zero-day patch since the start of the year
Apple has released security updates to fix a new zero-day vulnerability exploited in the wild by attackers to hack iPhones, iPads, and Macs. [...]
SAP’s Patch Tuesday brought fixes for a trio of flaws in the ubiquitous ICM component in internet-exposed apps. One of them, with a risk score of 10, could allow attackers to hijack identities, steal data and more.
SAP’s Patch Tuesday brought fixes for a trio of flaws in the ubiquitous ICM component in internet-exposed apps. One of them, with a risk score of 10, could allow attackers to hijack identities, steal data and more.
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned admins to patch a set of severe security flaws dubbed ICMAD (Internet Communication Manager Advanced Desync) and impacting SAP business apps using Internet Communication Manager (ICM). [...]
All vulnerabilities rated “important” with one publicly disclosed
Microsoft on Tuesday rolled out its monthly security updates with fixes for 51 vulnerabilities across its software line-up consisting of Windows, Office, Teams, Azure Data Explorer, Visual Studio Code, and other components such as Kernel and Win32k
Microsoft today released software updates to plug security holes in its Windows operating systems and related software. This month's relatively light patch batch is refreshingly bereft of any zero-day threats, or even scary critical vulnerabilities. But it does fix four dozen flaws, including several that Microsoft says will likely soon be exploited by malware or malcontents.
This batch had zero critical CVEs, which is unheard of. Most (50) of the patches are labeled Important, so don't delay to apply the patches, security experts said.
Today is Microsoft's February 2022 Patch Tuesday, and with it comes fixes for one zero-day vulnerability and a total of 48 flaws. [...]
Feb. 18 is the deadline to patch a bug that affects all unpatched versions of Windows 10 and requires zero user interaction to exploit.
The now-patched flaw that led to the ForcedEntry exploit of iPhones was exploited by both NSO Group and a different, newly detailed surveillance vendor.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging federal agencies to secure their systems against an actively exploited security vulnerability in Windows that could be abused to gain elevated permissions on affected hosts