vulnerability

Google has released Chrome version 102.0.5005.115 for Windows, Mac, and Linux. The new release fixes a total of seven security vulnerabilities — of which, four are marked highly severe. The update is rolling out to desktop users across Windows, macOS and Linux platforms over the coming days. India's Computer Emergency Response Team (CERT-In) and the United States Cybersecurity and Infrastructure Agency (CISA) have urged users to install the latest Chrome release on their systems to prevent the reported issues.The four…

To get a roundup of TechCrunch’s biggest and most important stories delivered to your inbox every day at 3 p.m. PDT, subscribe here. It’s Friday, June 10, 2022, and Haje is on the road, so it’s just me today. Before I let you enjoy the weekend, there are a few housekeeping items to address. First, TechCrunch Disrupt will be in person this year, and today is the last day to raise your hand to speak. Second, if you’re attending TC Sessions: Climate next week, we have your inside look on what to…

(Image credit: Max Tech/YouTube)MIT Computer Science & Artificial Intelligence Laboratory (CSAIL) scientists unveiled a new attack methodology that exploits a hardware vulnerability in Arm processors, including the Apple M1 series of chips, by using a new PACMAN technique to steal data. The team used an Apple M1 processor as the demo chip for the exploit and claims the attack can even potentially access the core operating system kernel, thus giving attackers full control of a system through a combination of software…

Check Point Research, a cyber security research firm has recently published its findings on a new vulnerability discovered in the baseband processor of Unisoc chipsets. Simply put, the vulnerability affects the network modem that is part of the chipset and responsible for network connectivity. It could theoretically allow an attacker to send a corrupted network packet and disable or interrupt the device's network connectivity. As far as we know, that's the extent to which the vulnerability can be used so far. We…

China-backed hackers are exploiting a newly discovered zero-day vulnerability in Microsoft Office, according to a threat analysis research. The vulnerability, which has been called "Follina" by security researchers, allows attackers to execute malicious code on Windows systems through Microsoft Word documents. Microsoft acknowledged the existence of the security loophole shortly after it was brought to notice last week. However, it is yet to be fixed. The Redmond company did not provide any clarity on when exactly it…

A newly discovered vulnerability in Microsoft Office is already being exploited by hackers linked to the Chinese government, according to threat analysis research from security firm Proofpoint. Details shared by Proofpoint on Twitter suggest that a hacking group labeled TA413 was using the vulnerability (named “Follina” by researchers) in malicious Word documents purported to be sent from the Central Tibetan Administration, the Tibetan government in exile based in Dharamsala, India. The TA413 group is an APT, or…

Microsoft Office is found to have a zero-day vulnerability that can allow attackers to execute code using a specially crafted Word file. Called Follina, the security issue can impact users the moment they open the malicious Word document on their system. It enables attackers to execute PowerShell commands via Microsoft Diagnostic Tool (MSDT). Office 2013 and later versions are impacted by the Follina zero-day vulnerability, according to researchers. Microsoft has not yet brought its fix.Tokyo-based cybersecurity research…

Written by Chris Duckett, APAC Editor…

Apple today has stopped signing iOS 14.4.1, which means that users who have updated their device to iOS 14.4.2 can no longer downgrade. This follows Apple’s release of iOS 14.4.2 one week ago, which included an important security fix. Apple released iOS 14.4.2 last week to fix a critical security vulnerability. Apple said that a bug in WebKit could allow a malicious website to activate arbitrary cross-site scripting. According to Apple, the vulnerability had been exploited in the wild. Prior to iOS 14.4.2 being…

Apple has achieved yet another world-first, but this time the achievement comes closer to a poisoned apple than to a positive turn of events. A team of researchers with the University of Illinois Urbana-Champaign, Tel Aviv University, and the University of Washington have demonstrated a world-first Data Memory-Dependent Prefetcher (DMP) vulnerability, dubbed "Augury," that's exclusive to Apple Silicon. If exploited, the vulnerability could allow attackers to siphon off "at rest" data, meaning the data doesn't even need…