Tag Archive for: patch

OnePlus Nord CE gets July 2023 Android security patch

/in


OnePlus has announced the incremental rollout of the OxygenOS 13 F.50 update for users of the OnePlus Nord CE. This update is currently being rolled out in batches to users in the India (IN) region.

The OxygenOS 13 F.50 update brings a couple of improvements and bug fixes, aiming to enhance the overall user experience on the OnePlus Nord CE. One notable enhancement is the integration of the July 2023 Android security patch, which boosts system security.

Furthermore, the update addresses an issue that could lead to stuttering on the Home screen after unlocking the phone.

With the OxygenOS 13 F.50 update, OnePlus has also rectified an issue that could cause the Photos app to crash under certain scenarios.

Below is the complete update changelog shared by OnePlus on the Community forums:

System

  • Integrates the July 2023 Android security patch to enhance system security.
  • Fixes an issue that might cause the Home screen to stutter after you unlock your phone.

Camera

  • Fixes an issue that might cause the Photos app to crash in certain scenarios.

As with most software updates, the OxygenOS 13 F.50 update is being rolled out in batches, which means a limited number of users will receive it today. A broader rollout will commence in a few days.

To check for the OxygenOS 13 F.50 update manually, navigate to Settings > System > System Updates.

OnePlus Nord CE: Specifications

Here are the key specifications of the OnePlus Nord CE:

Display

  • 6.43-inch Fluid AMOLED display
  • 90Hz refresh rate

Processor and Memory

  • Qualcomm Snapdragon 750G
  • 6GB/8GB/12GB LPDDR4X RAM

Storage

Operating System

Cameras

  • Rear Camera

    • 64 MP primary camera with f/1.8 aperture
    • 8 MP ultra-wide-angle camera with f/2.3 aperture
    • 2 MP mono sensor with f/2.4 aperture

  • Front Camera

Battery

  • 4,500mAh non-removable battery
  • Warp Charge 30T Plus fast charging (30W)

Others

  • 5G connectivity
  • In-display fingerprint sensor
  • 3.5mm headphone jack

Source…

Organizations urged to patch critical ransomware vulnerability 

/in


The Cybersecurity and Infrastructure Security Agency June 15 urged organizations to apply Progress Software updates  to the MOVEit Transfer web application to prevent ransomware attackers from exploiting a critical vulnerability used to steal data. The FBI and CISA alerted (https://www.aha.org/news/headline/2023-06-09-agencies-take-steps-protect-against-latest-clop-ransomware-tactics) organizations to the vulnerability last week.
 
“The notorious Russia-linked ransomware gang CLOP is exploiting previously unknown software flaws in MOVEit Transfer to target hospitals, health systems, corporations and government agencies, resulting in a serious ransomware threat against critical infrastructure,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “Due to the scope and scale of organizations targeted, this strategic cyberthreat may be related to ongoing geopolitical tensions with Russia. The fact that the Russian security services do not cooperate with the U.S. and allied law enforcement agencies, provides a permissive environment for these Russia-based groups to operate from, with or without the explicit approval of the Russian government. It is strongly recommended that any instance of the MOVEit application be identified and that it be immediately disconnected from all networks and the internet until this threat is fully resolved. This is also a good opportunity to review all file transfer systems within your environments for necessity, security and patching.” 
 
For more information, see AHA’s Cybersecurity Advisory or contact Riggi at [email protected]. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity

Source…

New Android updates patch kernel bug exploited in spyware attacks

/in


This month’s Android security updates patched a high-severity vulnerability that allowed attackers to install commercial spyware on Android devices.

Hackers exploited the security flaw (CVE-2023-0266) as a zero-day in a spyware campaign. This campaign targeted Samsung Android phones as part of a complex chain of multiple zero-days and n-days.

The exploit chain also included a zero-day (CVE-2022-4262) in the Chrome web browser and a Chrome sandbox escape. In addition, there were vulnerabilities in the Mali GPU Kernel Driver and the Linux Kernel.

What Google TAG says about it

The Android security team has warned that the CVE-2023-0266 vulnerability may be under limited, targeted exploitation. Google TAG had linked the attacks to the Spanish spyware vendor Variston. This vendor is known for its Heliconia exploit framework that targets the Windows platform.

The vulnerability is a weakness in the Linux Kernel subsystem that could result in privilege escalation without requiring user interaction.

According to the Google TAG report, attackers deployed a spyware suite on compromised devices that could decrypt and extract data from chat and browser apps.

The Android security team wants users to update ASAP

In response to the threat, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2023-0266 to the Known Exploited Vulnerabilities list a day after the published Google TAG report.

Federal Civilian Executive Branch Agencies (FCEB) were given until April 20 to secure all vulnerable Android devices against attacks that could target the bug. This month’s Android security updates also address dozens of other high-severity privilege escalation issues in the OS and various components.

On top of that, the Android security team published the May Pixel Update Bulletin on Monday, which addresses flaws in supported Pixel devices and Qualcomm components. Android users must update their devices as soon as possible to protect against potential attacks.

Also read: This is how to keep mobile devices safe in the workplace


Source…

Microsoft’s Patch Tuesday for April 2023 closes 97 security bugs, 1 zero-day flaw

/in


Recap: Every second Tuesday of the month, Microsoft rolls out its latest collection of security fixes. The unofficial ‘Patch Tuesday’ definition has been used by Microsoft in the last 20 years to describe the company’s release of security fixes for Windows and other products.

For April 2023, the company’s update focuses on closing multiple vulnerabilities as well as a nasty zero-day flaw.

According to Microsoft’s official security bulletin, patches released in April 2023 provide updates for many Windows components including the Kernel, Win32K API, .NET Core, the Azure cloud platform, Microsoft Office applications, Visual Studio, and Windows Active Directory. All things considered, the latest Patch Tuesday fixes 97 security flaws.

Seven vulnerabilities are classified with a “critical” risk level, as they could be abused to remotely execute potentially malicious code. The Patch Tuesday flaws are classified as follows: 20 elevation of privilege vulnerabilities, eight security feature bypass vulnerabilities, 45 remote code execution vulnerabilities, 10 information disclosure vulnerabilities, nine denial of service vulnerabilities, and six spoofing vulnerabilities.

The list doesn’t include 17 security flaws in Microsoft Edge that were fixed a week ago. A complete report on all the flaws and related advisories has been published by Bleeping Computer. Besides security fixes, on Patch Tuesday day Microsoft also rolled out cumulative, non-security updates for Windows 11 (KB5025239) and Windows 10 (KB5025221, KB5025229).

The single zero-day vulnerability is tracked as CVE-2023-28252, or ‘Windows Common Log File System Driver Elevation of Privilege Vulnerability.’ An attacker who successfully exploits this vulnerability could gain system privileges, Microsoft explains, meaning that they could achieve the highest access level available on a Windows OS.

According to security researchers, cyber-criminals are already trying to exploit the CVE-2023-28252 bug to spread the Nokoyawa ransomware to organizations belonging to wholesale, energy, manufacturing, and healthcare industries. The flaw is similar to another privilege escalation bug supposedly fixed by Microsoft in…

Source…