Mozilla released 11 patches for Firefox 44 and Firefox ESR 38.6, three of them rated critical.
The first critical issue posted by Mozilla is an integer overflow during metadata parsing in Mozilla's use of the libstagefright library. A malicious MP4 video file could trigger the overflow and allow arbitrary code execution.
Another critical flaw was discovered when a researcher used the Address Sanitizer tool to find a buffer overflow write when rendering some WebGL content, which could lead to a potentially exploitable crash.
Mozilla also identified and fixed several memory safety bugs in the browser engine used by Firefox and other Mozilla-based products. These bugs could corrupt memory and be exploited to run arbitrary code.
Two of the remaining issues were rated as “high” and the other six were of moderate importance.