zero day

Two separate reports point to a spike in zero-day bugs . That's when would-be attackers trying to exploit a bug have a head-start over developers who are trying to fix and patch it. When software developers discover a security vulnerability (or are ... told about it by responsible researchers), they are in a race against time to find and roll out a fix before attackers discover it and start trying to take advantage. Often they'll only have a matter of days. A zero-day bug is defined as one whose existence is (or was) discovered by hackers before it is known to the software developers. That means ... (view more)

Google has issued a third zero-day bug warning for Chrome this year. While the browser will auto-update, it's a reminder not to leave it open indefinitely. In short, a zero-day bug refers to the time developers discovered the problem and were able ... to roll out a fix. Ideally, they'll have a head start and can either get the patch in place before would-be attackers even start working on exploiting it. In this case, however, attackers not only know about the bug but are already taking advantage before developers can roll out a fix. Memory Compromised This particular bug is described as a "type ... (view more)

Apple has released a patch for a potentially serious iPhone bug. It's worth double-checking the patch was installed automatically and forcing it to do so if it has not. The fix comes in version 15.0.2 of iOS and patches an actively exploited ... zero-day bug. That means attackers not only know about the security hole but were already using it before Apple could release a fix. In other words, Apple had a "zero days" head start in the battle between patching and hacking. The bug involves memory corruption and means a correctly-targeted attack could allow malware to access parts of the memory that ... (view more)

Apple has patched a security flaw that could compromise phones and tablets just by users receiving a message. The exploit would use an attachment in iMessages but wouldn't require the user to click or open it. It's a potentially very serious flaw ... though ironically that may be the saving factor for most ordinary users. Because it's so serious, experts believe it's most likely to be used for highly targeted attacks. The bug was discovered by researchers at the University of Toronto, who say it's an example of "zero-click spyware". While they've seen similar attacks on Apple devices before, it's ... (view more)

Security experts have warned users to take extra care opening Microsoft Office files. An unpatched bug in Internet Explorer can affect users regardless of their preferred browser. The bug takes advantage of the way Office files can open links in ... Internet Explorer. It means that attackers can craft Office files that, once opened, automatically load an "attack" page in Internet Explorer that installs malware. Exactly what malware to install is up to the attacker. There is some protection for some users. In many cases, Office will by default open a document in Protected View, which blocks links ... (view more)

If you use Chrome, you need to make sure it's up to date. The browser has been hit by a dreaded zero-day flaw . In this case, hackers are aware of the bug and are actively exploiting it before Google has a chance to issue a security patch. The name ... comes from the fact that Google has "zero days" head start in getting the patches out. Google confirmed that it "is aware of reports that an exploit for CVE-2021-21166 [the bug in question] exists in the wild." (Source: googleblog.com ) High Severity Flaw The security flaw is rated as "high severity" on Google's rankings of how much ... (view more)

As many as 100 million PCs could still be running Windows 7 according to a newly-published estimate. That's despite Microsoft withdrawing support for the 11-year old system last year. The estimate comes from Ed Bott of ZDNet and is based on data ... published at analytics.usa.gov. That brings together site visitor data from most US government agencies. It means the figures will primarily represent visitors from the United States. (Source: zdnet.com ) Bott notes that across the agencies, 8.5 per cent of visitors in the past 90 days were running Windows 7 and 3.4 percent running Windows 8 or 8.1. ... (view more)

Google has issued a critically important update to its Chrome browser due to a nasty zero day bug. The browser should update automatically for most users, but the bug is serious enough that it's a case of checking to ensure that the update has been ... successfully applied. The update fixes three security problems, one of which is a critical. It means hackers were actively exploiting the problem before Google fixed it - meaning the update process gave users a zero day head start on the bad guys (hence the term, ' zero day exploit '). Perhaps unsurprisingly, Google isn't saying much at all about ... (view more)

Microsoft has issued an emergency patch for Internet Explorer. In the most extreme circumstances, a user simply visiting a website could give a hacker complete remote control of a computer. Between Chrome's dominance and Edge becoming the default on ... new Windows machines, Internet Explorer is far from popular and is now used on around 8 percent of desktop computers. However, that still means around a hundred million machines could be affected by this bug. (Source: bbc.co.uk ) It's a sign of how serious the problem is that Microsoft has issued an emergency patch, or as it calls it, an out-of- ... (view more)

Google says it has found half a dozen major security flaws in Apple's iPhone messaging system. A new iOS update fixes five of the problems, but Google says one remains unpatched. The flaws were discovered by Google's Project Zero, a department that ... takes its name from the idea of "zero day" bugs . That's where would-be hackers become aware of a security issue before the relevant software developers are able to patch the bug. The zero day bugs are then exploited which often results in elevated privileged access levels given to a rogue program. The problems are with iMessage, the instant ... (view more)