Microsoft hit by Storm season – a tale of two semi-zero days

By: Paul Ducklin — July 18^th 2023 at 16:59

The first compromise didn't get the crooks as far as they wanted, so they found a second one that did...

Naked Security

Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs

By: Paul Ducklin — July 10^th 2023 at 23:12

Don't delay, do it today. This is a code-implantation bug in WebKit that attackers already know how to exploit.

Naked Security

Apple issues emergency patches for spyware-style 0-day exploits – update now!

By: Paul Ducklin — April 8^th 2023 at 01:20

A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International.

Naked Security

Apple patches everything, including a zero-day fix for iOS 15 users

By: Paul Ducklin — March 28^th 2023 at 00:23

Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.

Naked Security

Microsoft fixes two 0-days on Patch Tuesday – update now!

By: Paul Ducklin — March 15^th 2023 at 00:06

An email you haven't even looked at yet could be used to trick Outlook into helping crooks to logon as you.

Naked Security

S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]

By: Paul Ducklin — December 15^th 2022 at 17:10

Return o' the rookit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!

Naked Security

How to hack an unpatched Exchange server with rogue PowerShell code

By: Paul Ducklin — November 22^nd 2022 at 17:54

Review your servers, your patches and your authentication policies - there's a proof-of-concept out

Naked Security

Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!

By: Paul Ducklin — November 9^th 2022 at 17:58

In all the excitement, we kind of lost track ourselves. Were there six 0-days, or only four?

Naked Security

Chrome issues urgent zero-day fix – update now!

By: Paul Ducklin — October 29^th 2022 at 15:08

We've said it before/And we'll say it again/It's not *if* you should patch/It's a matter of *when*. (Hint: now!)

Naked Security

Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now!

By: Paul Ducklin — October 25^th 2022 at 18:03

Ventura hits the market with 112 patches, Catalina's gone missing, and iPhones and iPads get a critical kernel-level zero-day patch...

Naked Security

Patch Tuesday in brief – one 0-day fixed, but no patches for Exchange!

By: Paul Ducklin — October 12^th 2022 at 16:58

There's a zero-day patch, but it's not for the zero-day you thought.

Naked Security

Google patches “in-the-wild” Chrome zero-day – update now!

By: Paul Ducklin — July 5^th 2022 at 15:55

Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure...

Naked Security

Apple patches zero-day kernel hole and much more – update now!

By: Paul Ducklin — May 17^th 2022 at 09:30

You'll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions.