Microsoft January Patch Tuesday Update Fixes 16 Critical Bugs

Thanks to Meltdown and Spectre, January has already been an extremely busy month of patching for Microsoft.

Anti-Virus Updates Required Ahead of Microsoft’s Meltdown, Spectre Patches

Microsoft is pausing the rollout of Windows Meltdown and Spectre patches until hosted anti-virus software vendors confirms no unsupported Windows kernel calls via the addition of a registry key on PCs.

Apple Releases Spectre Patches for Safari, macOS and iOS

Apple releases patches addressing the Spectre vulnerability impacting its macOS, iPhone, iPad and iPod touch.

New Rules Announced for Border Inspection of Electronic Devices

The U.S.

Customs and Border Patrol announced new restrictions on when agents can copy data from digital devices at border crossing points.

Experts Weigh In On Spectre Patch Challenges

Mitigating Spectre and Meltdown flaws won't be easy, but experts say exploits targeting Spectre will be hard to patch against.

Google Play Removes 22 Malicious ‘LightsOut’ Apps From Marketplace

Google removed 22 malicious adware apps ranging from flashlights, call recorders to wifi signal boosters that together were downloaded up to 7.5 million times from the Google Play marketplace.

CPU Side-Channel Information Disclosure Vulnerabilities

On January 3, 2018, researchers disclosed three vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks.


Vendors Share Patch Updates on Spectre and Meltdown Mitigation Efforts

Intel, Amazon, ARM, Microsoft and others have shared patch updates to keep customers informed on their mitigation efforts to protect against the far reaching Spectre and Meltdown vulnerabilities impacting computers, servers and mobile devices worldwide. 

VU#584653: CPU hardware vulnerable to side-channel attacks

CPU hardware implementations are vulnerable to cache side-channel attacks.

These vulnerabilities are referred to as Meltdown and Spectre.

Cisco WebEx Advanced Recording Format Player Remote Code Execution Vulnerability

A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user.

The attacker could exploit this vulnerability by sending the...

Intel In Security Hot Seat Over Serious CPU Design Flaw

Intel is grappling with a processor design flaw impacting CPUs used in Linux, Windows and some macOS systems.

MacOS LPE Exploit Gives Attackers Root Access

A researcher with the Twitter handle ‘Siguza’ published details of a macOS local privilege escalation vulnerability dating back to 2002 that could give an attacker root access to systems.