iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.
Search across headline titles and summaries.
Background for this topic.
A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.
Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.
Weekly headline count for the current query.
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
The CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP, firewall vulnerabilities.
Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.
Find out why a vital component of vulnerability management needs to be the capacity to prioritize from Mariano Nunez, CEO of Onapsis and Threatpost Infosec Insiders columnist.
A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver.
Attacks against U.S. companies spike in Q1 2022 with patchable and preventable external vulnerabilities responsible for bulk of attacks.
CISA warns that threat actors are ramping up attacks against unpatched Log4Shell vulnerability in VMware servers.
Traditional vulnerability management programs are outdated, with little to no innovation in the last two decades. Today's dynamic IT environment demands an advanced vulnerability management program to deal with the complex attack surface and curb security risks.
A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets.
The vulnerability remains unpatched on many versions of the collaboration tool and has potential to create a SolarWinds-type scenario.
Threat actors already are exploiting vulnerability, dubbed ‘Follina’ and originally identified back in April, to target organizations in Russia and Tibet, researchers said.
Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks.
Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites.
Research indicates that organizations should make patching existing flaws a priority to mitigate risk of compromise.
Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware.
The vulnerability is 'critical' with a CVSS severity rating of 9.8 out of 10.
Four months after the critical flaw was discovered, attackers have a massive attack surface from which they can exploit the flaw and take over systems, researchers found.
Nate Warfield, CTO at Prevailion, discusses the dangers of focusing on zero-day security vulnerabilities, and how security teams are being distracted from the day-to-day work that prevents most breaches.
Fortinet's Derek Manky discusses the exponential increase in the speed that attackers weaponize fresh vulnerabilities, where botnets and offensive automation fit in, and the ramifications for security teams.