Patch/Configuration Management, Vulnerability Management

Google engineer finds Windows kernel bug

January 19, 2010

A security engineer on Tuesday posted details about an unpatched Windows kernel vulnerability. The flaw affects all versions of the operating system and can result in privilege escalation, according to an advisory posted to the Full Disclosure mailing list by Google engineer Tavis Ormandy. A successful exploit can allow an attacker to change the address for the kernel stack. Ormandy was responsible for reporting the lone vulnerability patched in last week's Microsoft security update. A Microsoft spokeswoman had no immediate comment. — DK

Dan Kaplan

Patch/Configuration Management

Hotfixes for Sophos firewall vulnerabilities released

SC StaffDecember 23, 2024

Hotfixes have been revealed for three vulnerabilities affecting Sophos Firewall versions 21.0 GA and older, two of which were of critical severity, reports The Hacker News.

Vulnerability Management

Apple patches TCC bypass vulnerability

SC StaffDecember 19, 2024

The vulnerability, tracked as CVE-2024-44131, was discovered in the FileProvider component and has been fixed in iOS 18, iPadOS 18, and macOS Sequoia 15 through improved validation of symbolic links.

concept of leaky software, data with a tap sticking out.3d illustration

Data Security

Misconfiguration exposes Virtavo security cam user data

SC StaffDecember 18, 2024

Over 8.7 million records, many of which are duplicates, were discovered within the server, including user phone numbers, network information, device identifiers, performance metrics, and other personal details, according to Cybernews researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Related Terms

Bug Buffer Overflow Disassembly