LINK A CVSS 9.8 vulnerability was found in Palo Alto security appliances running PAN-OS 8.1 prior to 8.1.17. Update immediately.
Category: Zero Day
Google Android affected by a 0-day, under active attack
LINK If you can, make sure security updates on your mobile devices are rolled out!
7 New Zero-Day Vulnerabilities found in Windows called “Blackswan”
LINK Research has come forward from a security research organization. Microsoft has patched the vulnerabilities through its Patch Tuesday releases over the last few months, since they were disclosed to Microsoft ethically and responsibly. Patch normally and you are secure.
Apple quietly releases 15.0.2 for iPhones
LINK Well, nothing to say other than update…again
Apache releases NEW update to Critical Update from earlier this week
LINK Apache was affected by a zero-day earlier this week. They have released a NEW update that replaces the one pushed out earlier this week, because the earlier fix was ineffectual. Download and use 2.4.51, not 2.4.50.
Apache updates HTTP server from a Zero-Day, Update NOW
LINK Time to update immediately as the Apache Foundation has released an update to their HTTP server that fixes a Zero-Day.
F-Secure Researcher produces POC for macOS Gatekeeper Bypass
LINK This vulnerability should be patched as it bypasses all protections put in by Apple. – CVE-2021-1810
Google patches two more Zero Days in Chrome
LINK Google Chrome has been a huge target this year, and this brings the number of zero-days Google has had to address into double digits. If you have Chrome, make sure to update it.
Microsoft releases Out-Of-Band patch for MSHTML and Office
LINK Microsoft has released what looks to be an out-of-band patch for the Microsoft MSHTML Remote Code Execution Vulnerability, CVE-2021-40444. Looks like it needs to be prioritized.
Researcher publishes a PoC for a Ghostscript Zero-Day
LINK Time to investigate updating Ghostscript to avoid this RCE.