Tag Archive for: patch

Bitdefender Fixes Major Security Vulnerability: Patch Your Software Now


Bitdefender has released a patch for a major security flaw in its products that could expose users’ devices to third-party access.

Under the Common Vulnerability Scoring System (CVSS), this vulnerability, CVE-2023-6154, scored 7.8, representing a serious threat to users of the affected products. Hackers can exploit the vulnerability to gain control over your device, siphon off personal information, or install malware on your computer.

Vulnerability CVE-2023-6154: Local Privilege Escalation

The vulnerability in question impacts a number of Bitdefender products, including Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; and Antivirus Free: 27.0.25.114.

According to Bitdefender, the bug is a configuration issue in the seccenter.exe executable. By leveraging this vulnerability, attackers can control and influence the behavior of the software, allowing them to execute third-party libraries.

Thankfully, Bitdefender detected and issued a patch for the vulnerability that plugs the security hole in the above antivirus packages.

Bitdefender Has Faced Privilege Escalation Vulnerabilities Before

This isn’t the first time that Bitdefender has had issues with vulnerabilities. In 2020, Bitdefender Antivirus Free was found to have issues within two processes — vsserv.exe and updatesrv.exe.

These processes, which have the highest level of system permissions, could be hijacked to execute third-party, malicious scripts, according to a report by SafeBreach. Bitdefender fixed the bug a month after it was reported.

It’s not uncommon for vulnerabilities to be detected in cybersecurity products and other software. That’s why bug bounties and white hat hackers exist; they look for and report on issues like these before cybercriminals can exploit them.

How to Patch Your Bitdefender Software

If you use any of the affected Bitdefender software, we recommend updating your app immediately to receive the security patch. Here’s how:

  1. Open the Bitdefender app on your device.
  2. Click on “Update Now.”

Bitdefender sits in second place in our ranking of the best antivirus solutions. To learn more about this…


Android 14 April security patch rolling out for Pixel devices


Google has started the rollout of its critical April 2024 security patch for Pixel phones. The update, announced in a Pixel community post, addresses numerous vulnerabilities and potential exploits. If you own a compatible Pixel device, you might have it waiting already, but wide availability will take a few weeks.

The April 2024 update targets the Pixel 5a 5G and all newer Pixel models. Look for build number AP1A.240405.002 (or the .A1 variant for the Pixel Fold). Carrier and regional factors may influence when you see the update available on your device.

Google’s release notes highlight a substantial list of fixes. The update addresses eight general Android 14 vulnerabilities (dated April 1st) and an additional 20 dated April 5th. Severity levels range from high to critical. Below are the most notable ones listed in the changelog:

  

Biometrics

  • Fix for issue causing black screen to appear when unlocking screen in certain conditions (Pixel 5a 5G)

Camera

  • Fix for camera stability under certain conditions when switching between different zooms (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel 8, Pixel 8 Pro, Pixel Fold)
  • Fix for issue with black halo artifacts appearing under certain conditions in the viewfinder upon transitioning from photo to video mode at 1x zoom (Pixel 8 and Pixel 8 Pro)
  • Fix for issue where users are unable to re-expose image after tapping anywhere on the viewfinder (Pixel 8 and Pixel 8 Pro)
  

More importantly, the company warns that two Pixel-specific flaws (CVE-2024-29745 and CVE-2024-29748), affecting the bootloader and firmware, “may be under limited, targeted exploitation.” While details are scarce, this underscores the urgency of updating your device.


OnePlus 12 receives new firmware with the March 2024 security patch


What you need to know

  • OnePlus brings system-wide stability improvements with the latest OxygenOS 14 release.
  • It brings notable features like individual “app-specific volume” and pressing the volume-down rocker to turn on the flashlight.
  • The firmware has been rolled out to a small percentage of OnePlus 12 users, and more will follow in the coming days.

It is that time of month when OnePlus 12 users should check their device’s settings for OTA updates, as the company announced a new update with the latest security patch.

After rolling out the OxygenOS 14.0.0.602 early last month, the company is now rolling out the 14.0.0.604 version for the OnePlus 12 devices across the Indian, North American, and Global regions, OnePlus shared in its accompanying community post over the weekend.

The new firmware released across regions brings the latest March 2024 Android security patch, and the shared changelog notably has system-wide improvements and fixes.


The latest update allows users to “create photo collages without frames in Photos.” A new “Partial screenshot” option has been added to the Smart Sidebar in the latest OxygenOS 14 release.


For March’s Patch Tuesday, no zero-day flaws


Microsoft this week pushed out 61 Patch Tuesday updates with no reports of public disclosures or other zero-days affecting the larger ecosystem (Windows, Office, .NET). Though there are three updated packages from February, they’re just informational changes with no further action required.

The team at Readiness has crafted this helpful infographic outlining the risks associated with each of the March updates.

Known issues

Each month, Microsoft publishes a list of known issues that relate to the operating system and platforms included in the latest update cycle; for March, there are two minor issues reported:

  • Windows devices using more than one monitor might experience issues with desktop icons moving unexpectedly between monitors or see other icon alignment issues when attempting to use Copilot in Windows. Microsoft is still working on the issue.
  • For Exchange Server, Microsoft published an advisory note: after you install the latest security update there is no longer support for the Oracle OutsideIn Technology (OIT) or OutsideInModule. For more information, see this service update.

February was not a great month for how Microsoft communicated updates and revisions. With March being an exceptionally light month for reported “known issues” for desktop and server platforms, our team found no documentation issues. Good job Microsoft!

Major revisions

This month, Microsoft published the following major revisions to past security and feature updates:

  • CVE-2024-2173, CVE-2024-2174, and CVE-2024-2176: Chromium: CVE-2024-2173 Out of bounds memory access in V8. These updates relate to recent security patches for the Chromium browser project at Microsoft. No further action required.

Mitigations and workarounds

Microsoft released these vulnerability-related mitigations for this month’s release cycle: 

  • CVE-2023-28746 Register File Data Sampling (RFDS). We are not certain how to categorize this update from Intel, as it relates to a hardware issue with certain Intel chipsets. The mitigation for this vulnerability requires a firmware update, and a corresponding Windows update enables this third-party firmware-based mitigation. More information can be…
