a potential arbitrary code execution vulnerability – which can be triggered by merely cloning a malicious repository. The security hole, CVE-2018-11235, reported by Etienne Stalmans, stems from a flaw in Git whereby sub-module names supplied by the .gitmodules file are not properly validated when appended to $GIT_DIR/modules. Including "../" in a name could result in directory hopping. Post-checkout hooks could then be executed, potentially causing all manner of mayhem to ensue on the victim's system. Another vulnerability, CVE-2018-11233, describes a flaw in the processing of pathnames in Git on NTFS-based systems, allowing the reading of memory contents. In a change from normal programming, the vulnerability appears to be cross platform. Fear not, however, because a patch is available. The Git team released the update in 2.13.7 of the popular coding, collaboration and control tool and forward-ported it to versions 2.14.4, 2.15.2, 2.16.4 and 2.13.7. For its part, Microsoft has urged users to download 2.17.1(2) of Git for Windows and has blocked the malicious repositories from being pushed to Visual Studio Team Services users. The software giant has also promised a hotfix will "shortly" be available for its popular Visual Studio 2017 platform. Other vendors, such as Debian, have been updating their Linux and software distributions to include the patched code and recommend that users upgrade to thwart ne'er-do-wells seeking to exploit the vulnerability.
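An added example (not part of the original article, and not Git's own code): a Python check that flags .gitmodules submodule names which would escape $GIT_DIR/modules when appended to it, the flaw described above for CVE-2018-11235. The function names, the `modules_dir` default and the sample file contents are assumptions constructed for illustration.

```python
import posixpath
import re

# Matches a git-config section header such as: [submodule "libs/foo"]
_SECTION = re.compile(r'^\s*\[submodule\s+"((?:[^"\\]|\\.)*)"\s*\]')


def submodule_names(gitmodules_text):
    """Return the submodule names declared in .gitmodules content."""
    names = []
    for line in gitmodules_text.splitlines():
        m = _SECTION.match(line)
        if m:
            # In subsection names a backslash escapes the next character.
            names.append(re.sub(r'\\(.)', r'\1', m.group(1)))
    return names


def is_unsafe_name(name, modules_dir="/repo/.git/modules"):
    """True if appending `name` to modules_dir could leave that directory."""
    if not name:
        return True
    # Reject any ".." path component, with either separator style.
    if ".." in re.split(r'[/\\]', name):
        return True
    # Second check: normalise the joined path and confirm containment
    # (catches absolute names and "." as well).
    joined = posixpath.normpath(
        posixpath.join(modules_dir, name.replace("\\", "/")))
    return not joined.startswith(modules_dir.rstrip("/") + "/")


def audit(gitmodules_text):
    """Return the names that should cause the repository to be rejected."""
    return [n for n in submodule_names(gitmodules_text) if is_unsafe_name(n)]


# Constructed sample input, not taken from any real repository.
SAMPLE = '''\
[submodule "libs/zlib"]
    path = libs/zlib
    url = https://example.com/zlib.git
[submodule "../../outside"]
    path = outside
    url = https://example.com/outside.git
[submodule "a\\\\..\\\\b"]
    path = b
    url = https://example.com/b.git
'''
```

Running `audit()` on a fetched repository's .gitmodules before checkout, for example in a server-side hook or CI gate, gives a reject list independent of the client's Git version.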
A new iPhone and a new iOS are here, but a number of bugs, and security flaws, have frustrated early adopters. iOS 12.0.1, Apple's first update after the release of iOS 12, has patched two vulnerabilities that could have allowed a user to bypass a device's passcode. Spanish hacker Jose Rodriguez was able to use Siri to enable VoiceOver mode, which could pull up the phone's contacts. You can see the specifics of his (very complicated) procedure in the video below. Apple also says it has fixed a bug that caused the new iPhones to stop charging when their screens turned off. This wasn't an issue our review unit had, but it was noted throughout multiple forums and message boards. The company has fixed a number of smaller bugs as well. A bug that caused the phone to automatically join 2.4-GHz networks rather than 5-GHz networks, a bug that sometimes caused Bluetooth to become unavailable, and a bug that blocked subtitles from appearing in some video apps are no longer. iPad users weren't left out, either. To some users' chagrin, the original iOS 12 moved the "123" key closer to the center of the iPad keyboard. You can breathe easy again: The key has moved back to the far left. The update should be available to all users now. If you don't have automatic updates enabled, we recommend you update to the new patch ASAP if you've experienced any of these flaws, or are worried about hackers obtaining your phone.
An exploit in the Android operating system means almost 40 percent of users are vulnerable to screen-hijacking apps, but it is unlikely to be fixed until winter. The bug, which was first spotted by researchers at Check Point, is caused by a development oversight in Android permissions, which in the past required users to manually grant downloaded applications the ability to display content on top of other app panes. However, following complaints from users who found it difficult to manually whitelist each app, the Android 6.0.1 'Marshmallow' update made this process automatic, which was good news for legitimate apps like WhatsApp and Facebook Messenger. It appears that fix has meant apps hiding malicious code are able to bypass security, also being automatically granted the same access, specifically the 'SYSTEM_ALERT_WINDOW' permission. According to Google's own statistics, the vulnerability will be active on close to 40 percent of all Android devices. "As a temporary solution, Google applied a patch in Android version 6.0.1 that allows the Play Store app to grant run-time permissions, which are later used to grant SYSTEM_ALERT_WINDOW permission to apps installed from the app store," the Check Point research team explained in a blog post. "This means that a malicious app downloaded directly from the app store will be automatically granted this dangerous permission." This permission is particularly dangerous as it allows an app to display over any other app, without notifying the user. This means apps are able to display fraudulent adverts or links to content hosting malicious code, which are heavily used in banking Trojans.
"It can also be used by ransomware to create a persistent on-top screen that will prevent non-technical users from accessing their devices," explained the team. This particular permissions exploit is used by 74 percent of all ransomware, 57 percent of adware and 14 percent of banker malware, according to the report, clearly demonstrating that this is a widespread tactic in the wild. What's worrying is that Google has stated that a fix will be available in time for the release of Android O, which isn't expected until late summer. In the meantime, Check Point has urged users to beware of dodgy-looking apps and to check the comments left by other users. Although the Play Store is able to police the apps being uploaded to its platform, malicious content is repeatedly bypassing security checks. Check Point recently disclosed the discovery of a new malware strain hidden inside game guides hosted on the Play Store, thought to have infected close to two million Android devices over the past seven months.