Archives: March 2016
You are here: Home \ 2016 \ March \ Page 8
Google pushed out the latest version of its flagship browser Chrome on Tuesday, fixing three high severity bugs in the process. The update graduates the browser to version number 49.0.2623.87 for Windows, Mac, and Linux, according to a post on Google’s Chrome Releases blog this week. Two of the bugs, a type confusion vulnerability and...
Florida-based cancer treatment center 21st Century Oncology Holdings is warning 2.2 million patients that health data and Social Security numbers were stolen from its computer network. The breach, which was revealed on March 4, occurred last November and included the theft of patient names, Social Security numbers, physicians’ names, diagnoses and treatment information, and insurance information....
Microsoft released a baker’s dozen worth of security bulletins on Tuesday, including five rated critical and two rated important that could result in remote code execution attacks against compromised machines. Two of the bulletins rated critical address flaws in Internet Explorer and Microsoft Edge. The IE bulletin, MS16-023, patches 13 vulnerabilities in the browser, all...
Adobe today released security updates for its PDF editing and viewing products, Acrobat and Reader, and its ereader for books called Adobe Digital Editions. And while the customary Flash update is missing from today’s monthly rollout, Adobe said a new version of the software will be available “in the coming days.” Last month, Adobe patched...
Anand Prakash could have hacked your Facebook account or anyone else’s. The India-based security researcher found a glaring password-reset vulnerability last month that allowed him to crack open any of Facebook’s 1.1 billion accounts using a rudimentary brute force password attack. But instead of pillaging accounts for financial data, Prakash reported his findings to Facebook...
The Internet Systems Consortium (ISC) this week announced that it plans to patch versions of its Dynamic Host Configuration Protocol (DHCP) to mitigate a vulnerability that could’ve let a remote attacker cause a denial of service condition. The group acknowledged on Monday that it plans to release DHCP 4.1-ESV-R13 and DHCP 4.3.4, at some point...
Amazon reversed course on its unpopular decision to remove encryption from its Fire OS 5 tablets. Over the weekend, Amazon said, customers’ device-level encryption support will return this spring. The move comes after Amazon customers and privacy activists expressed outrage over the company’s choice to remove encryption from its popular consumer line of Fire tablets running...
Apple’s head of software engineering told law enforcement and the government via a Washington Post op-ed on Sunday that a precedent-setting backdoor into the iPhone threatens to turn back the clock on mobile security to less safe times. The column, written by Craig Federighi and posted last night, argues that the removal of security features...
Google today patched two critical holes in its problematic Android Mediaserver component which would allow an attacker to use email, web browsing, and MMS processing of media files to remotely execute code. With this latest vulnerability, Google has patched its Mediaserver more than two dozen times since the Stagefright vulnerability was discovered in August. The patch...
Apple has yet to patch a series of bypass vulnerabilities in iOS that could enable an attacker to sidestep the passcode authorization screen on iPhones and iPads running iOS 9.0, 9.1, and the most recent build of the mobile operating system, 9.2.1. Like all passcode bypass bugs, an attacker would have to have the device in...