If you ’ re a BMW owner , prepare to patch ! Chinese researchers have found Vulnerability-related.DiscoverVulnerability 14 security vulnerabilities affecting Vulnerability-related.DiscoverVulnerability many models . The ranges affected Vulnerability-related.DiscoverVulnerability ( some as far back as 2012 ) are the BMW i Series , X Series , 3 Series , 5 Series and 7 Series , with a total of seven rated serious enough to be assigned CVE Vulnerability-related.DiscoverVulnerability numbers . The vulnerabilities are in in the Telematics Control Unit ( TCU ) , the Central Gateway Module , and Head Unit , across a range of interfaces including via GSM , BMW Remote Service , BMW ConnectedDrive , Remote Diagnosis , NGTP , Bluetooth , and the USB/OBD-II interfaces . Some require local access ( e.g . via USB ) to exploit but six including the Bluetooth flaw were accessible remotely , making them the most serious . Should owners worry that the flaws could be exploited Vulnerability-related.DiscoverVulnerability , endangering drivers and vehicles ? On the basis of the technical description , that seems unlikely , although Keen Lab won ’ t release the full proof-of-concept code until 2019 . Keen Lab described the effect of its hacking as allowing it to carry out : The execution of arbitrary , unauthorized diagnostic requests of BMW in-car systems remotely . To which BMW responded : BMW Group has already implemented security measures , which are currently being rolled out via over-the-air configuration updates . Additional security enhancements for the affected infotainment systems are being developed Vulnerability-related.PatchVulnerability and will be available Vulnerability-related.PatchVulnerability as software updates for customers . In other words , some fixes have already been made Vulnerability-related.PatchVulnerability , while others will be made Vulnerability-related.PatchVulnerability between now and early 2019 , potentially requiring a trip to a service centre . Full marks to BMW for promptly responding to the research but the press release issued Vulnerability-related.PatchVulnerability in its wake reads like PR spin . To most outsiders , this is a case of Chinese white hats finding Vulnerability-related.DiscoverVulnerability vulnerabilities in BMW ’ s in-car systems . To BMW , judging by the triumphant language of its press release , it ’ s as if this was the plan all along , right down to awarding Keen Lab the “ first-ever BMW Group Digitalization and IT Research Award. ” More likely , car makers are being caught out by the attention their in-car systems are getting from researchers , with Volkswagen Audi Group experiencing some of the same discomfort a couple of weeks ago at the hands of Dutch researchers . BMW has experienced this before too – three years ago it suffered Vulnerability-related.DiscoverVulnerability an embarrassing security flaw in its car ConnectedDrive software door-locking systems . Let ’ s not feel too sorry for the car makers because it ’ s the owners who face the biggest adjustment to their expectations – software flaws and patching Vulnerability-related.PatchVulnerability are no longer just for computers .

Adobe has posted an update to address Vulnerability-related.PatchVulnerability 85 CVE-listed security vulnerabilities in Acrobat and Reader for both Windows and macOS . The PDF apps have received Vulnerability-related.PatchVulnerability a major update that includes dozens of fixes for flaws that would allow for remote code execution attacks if exploited Vulnerability-related.DiscoverVulnerability . Other possible attacks include elevation of privilege flaws and information disclosure vulnerabilities . Fortunately , Adobe said that none of the bugs was currently being targeted in the wild - yet . For Mac and Windows Acrobat/Reader DC users , the fixes will be present Vulnerability-related.PatchVulnerability in versions 2019.008.20071 . For those using the older Acrobat and Reader 2017 versions , the fix will be labeled Vulnerability-related.PatchVulnerability 2017.011.30105 . Because PDF readers have become such a popular target for email and web-based malware attacks , users and admins alike would do well to test and install the updates as soon as possible . Exploit-laden PDFs have for more than a decade proven to be one of the most reliable ways to put malware on someone 's machine . In total , Adobe credited 19 different researchers with discovering Vulnerability-related.DiscoverVulnerability and reporting Vulnerability-related.DiscoverVulnerability the vulnerabilities . Among the more prolific bug hunters were Omri Herscovici of CheckPoint Software , who was credited for finding Vulnerability-related.DiscoverVulnerability and reporting Vulnerability-related.DiscoverVulnerability 35 CVE-listed bugs , and Ke Liu and Tencent Security Xuanwu Lab , who was credited with finding Vulnerability-related.DiscoverVulnerability 11 of the patched Adobe vulnerabilities . Beihang University 's Lin Wang was given credit for nine vulnerabilities . While we 're on the subject of massive security updates , both users and admins will want to mark their calendars for a week from Tuesday . October 9 is slated to be this month 's edition of the scheduled 'Patch Tuesday ' monthly security update .

Adobe has posted an update to address Vulnerability-related.PatchVulnerability 85 CVE-listed security vulnerabilities in Acrobat and Reader for both Windows and macOS . The PDF apps have received Vulnerability-related.PatchVulnerability a major update that includes dozens of fixes for flaws that would allow for remote code execution attacks if exploited Vulnerability-related.DiscoverVulnerability . Other possible attacks include elevation of privilege flaws and information disclosure vulnerabilities . Fortunately , Adobe said that none of the bugs was currently being targeted in the wild - yet . For Mac and Windows Acrobat/Reader DC users , the fixes will be present Vulnerability-related.PatchVulnerability in versions 2019.008.20071 . For those using the older Acrobat and Reader 2017 versions , the fix will be labeled Vulnerability-related.PatchVulnerability 2017.011.30105 . Because PDF readers have become such a popular target for email and web-based malware attacks , users and admins alike would do well to test and install the updates as soon as possible . Exploit-laden PDFs have for more than a decade proven to be one of the most reliable ways to put malware on someone 's machine . In total , Adobe credited 19 different researchers with discovering Vulnerability-related.DiscoverVulnerability and reporting Vulnerability-related.DiscoverVulnerability the vulnerabilities . Among the more prolific bug hunters were Omri Herscovici of CheckPoint Software , who was credited for finding Vulnerability-related.DiscoverVulnerability and reporting Vulnerability-related.DiscoverVulnerability 35 CVE-listed bugs , and Ke Liu and Tencent Security Xuanwu Lab , who was credited with finding Vulnerability-related.DiscoverVulnerability 11 of the patched Adobe vulnerabilities . Beihang University 's Lin Wang was given credit for nine vulnerabilities . While we 're on the subject of massive security updates , both users and admins will want to mark their calendars for a week from Tuesday . October 9 is slated to be this month 's edition of the scheduled 'Patch Tuesday ' monthly security update .

Adobe has released Vulnerability-related.PatchVulnerability updates fixing Vulnerability-related.PatchVulnerability a long list of security vulnerabilities discovered Vulnerability-related.DiscoverVulnerability in the Mac and Windows versions of Acrobat and Reader . In total , the first October update brings 85 CVEs , including 47 rated as ‘ critical ’ with the remaining 39 classified as ‘ important ’ . It ’ s too early to get much detail on the flaws but those rated critical break down as 46 allowing code execution and one allowing privilege escalation . The majority of the flaws rated important involve out-of-bounds read issues leading to information disclosure . As far as Adobe is aware , none are being actively exploited . The update you should download depends on which version you have installed : For most Windows or Mac users it ’ ll be either Acrobat DC ( the paid version ) or Acrobat Reader DC ( free ) so look for update version 2019.008.20071 . For anyone on the classic Acrobat 2017 or Acrobat Reader DC 2017 , it ’ s version 2017.011.30105 . Those on the even more classic Acrobat DC ( 2015 ) or Acrobat Reader DC ( 2015 ) it ’ s version 2015.006.30456 . Anyone who still has the old Acrobat XI or Reader XI on their computer , the last version was 11.0.23 when support for this ended a year ago . A sign of success ? There was a time when having to patch Vulnerability-related.PatchVulnerability so many flaws in a small suite of products from one company would have been seen as a failure . Arguably , these days , it ’ s a sign of success – researchers are devoting the time to finding Vulnerability-related.DiscoverVulnerability vulnerabilities before the bad guys do and Adobe is turning around fixes . What ’ s surprising is that despite crediting every one of them ( and it ’ s quite a list ) , the company doesn ’ t seem to have a formal bug bounty reward program other than the separate web applications program run via third party company , HackerOne . If Adobe ’ s 85 vulnerabilities sounds excessive , have some sympathy for users of the rival Foxit PDF Reader and Foxit PhantomPDF programs . Foxit last week released what appears to be Vulnerability-related.DiscoverVulnerability 116 vulnerabilities of their own ( confusingly , many of which are not yet labelled with CVEs Vulnerability-related.DiscoverVulnerability ) . For some reason , the number of flaws being found Vulnerability-related.DiscoverVulnerability in Foxit ’ s programs has surged this year , reaching 183 before this September ’ s count , compared to 76 for the whole of 2017 . As for Adobe , these updates are unlikely to be the last we hear of the company this month – expect the usual flaws to be patched Vulnerability-related.PatchVulnerability in Adobe ’ s legacy Flash plug-in when Microsoft releases Vulnerability-related.PatchVulnerability its Windows Patch Tuesday on 9 October .

Google 's Project Zero has again called Apple out for silently patching Vulnerability-related.PatchVulnerability flaws . Apple has secretly patched Vulnerability-related.PatchVulnerability a bunch of high-severity bugs reported Vulnerability-related.DiscoverVulnerability to it by Google 's Project Zero researchers . The move has resulted in Google 's Project Zero once again calling Apple out for fixing Vulnerability-related.PatchVulnerability iOS and macOS security flaws without documenting them in public security advisories . While it 's good news that Apple beat Project Zero 's 90-day deadline for patching Vulnerability-related.PatchVulnerability or disclosing Vulnerability-related.DiscoverVulnerability the bugs it finds Vulnerability-related.DiscoverVulnerability , the group 's Ivan Fratric recently argued that the practice endangered users by not fully informing them why an update should be installed . This time the criticism comes from Project Zero 's Ian Beer , who 's been credited by Apple with finding Vulnerability-related.DiscoverVulnerability dozens of serious security flaws in iOS and macOS over the years . Beer posted Vulnerability-related.DiscoverVulnerability a blog about several vulnerabilities in iOS 7 he found Vulnerability-related.DiscoverVulnerability in 2014 that share commonalities with several bugs he has found Vulnerability-related.DiscoverVulnerability in iOS 11.4.1 , some of which he 's now released exploits for . Beer notes Vulnerability-related.DiscoverVulnerability that none of the latest issues is mentioned in the iOS 12 security bulletin even though Apple did fix Vulnerability-related.PatchVulnerability them . The absence of information about them is a `` disincentive '' for iOS users to patch Vulnerability-related.PatchVulnerability , Beer argues . `` Apple are still yet to assign CVEs Vulnerability-related.DiscoverVulnerability for these issues or publicly acknowledge that they were fixed Vulnerability-related.PatchVulnerability in iOS 12 , '' wrote Beer . `` In my opinion a security bulletin should mention the security bugs that were fixed Vulnerability-related.PatchVulnerability . Not doing so provides a disincentive for people to update Vulnerability-related.PatchVulnerability their devices since it appears that there were fewer security fixes than there really were . '' In other instances , such as one macOS bug Beer reported Vulnerability-related.DiscoverVulnerability , Apple did actually assign a CVE Vulnerability-related.DiscoverVulnerability , but it still hasn't updated Vulnerability-related.PatchVulnerability the relevant security bulletin to reflect the fix . Apple similarly allocated Vulnerability-related.DiscoverVulnerability CVE-2018-4337 to another high-severity iOS bug , which was fixed Vulnerability-related.PatchVulnerability in iOS 12 , but is n't currently acknowledged Vulnerability-related.DiscoverVulnerability in the iOS 12 security bulletin . In another case , Apple fixed Vulnerability-related.PatchVulnerability a bug that affected Vulnerability-related.DiscoverVulnerability iOS and macOS but didn't assign Vulnerability-related.DiscoverVulnerability a CVE or mention it in the security bulletins . Not only may it be a disincentive for end-users to patch Vulnerability-related.PatchVulnerability iPhones and Macs , but Beer also points out Vulnerability-related.DiscoverVulnerability in another bug report that the lack of public acknowledgement Vulnerability-related.DiscoverVulnerability by Apple means he has no way of knowing whether the issue is a duplicate that another researcher may have already found Vulnerability-related.DiscoverVulnerability . As he notes Vulnerability-related.DiscoverVulnerability in the blog , many of the bugs he has found Vulnerability-related.DiscoverVulnerability in iOS are very similar or the same as bugs found Vulnerability-related.DiscoverVulnerability by noted jailbreaking hackers Pangu Team .

A zero-day vulnerability exists in Vulnerability-related.DiscoverVulnerability WordPress Core that in some instances could allow an attacker to reset a user ’ s password and gain access to their account . Researcher Dawid Golunski of Legal Hackers disclosed Vulnerability-related.DiscoverVulnerability the vulnerability on Wednesday via his new ExploitBox service . All versions of WordPress , including the latest , 4.7.4 , are vulnerable Vulnerability-related.DiscoverVulnerability , the researcher said . The vulnerability ( CVE-2017-8295 ) happens because WordPress uses what Golunski calls untrusted data by default when it creates a password reset email . In a proof-of-concept writeup , Golunski points out that WordPress uses a variable , SERVER_NAME , to get the hostname to create a From/Return-Path header for the password reset email . Since that variable , by its nature , can be customized , an attacker could insert a domain of his choosing and make it so an outgoing email could be sent to a malicious address , the researcher says . The attacker would then receive the reset email and be able to change the account password and take over . “ Depending on the configuration of the mail server , it may result in an email that gets sent to the victim WordPress user with such malicious From/Return-Path address set in the email headers , ” Golunski wrote . “ This could possibly allow the attacker to intercept the email containing the password reset link in some cases requiring user interaction as well as without user interaction. ” Golunski writes that there are three scenarios in which a user could be tricked Attack.Phishing , and only one of them relies on user interaction . In one , an attacker could perform a denial of service attack on the victim ’ s email account in order to prevent the password reset email from reaching the victim ’ s account . Instead , it could bounce back to the malicious sender address , pointed at the attacker . Second , Golunski says some auto-responders may attach a copy of the email sent in the body of the auto-replied message . Third , by sending multiple password reset emails , he says the attacker could trigger the victim to ask for an explanation , below , which could contain the malicious password link . Golunski said Vulnerability-related.DiscoverVulnerability he reported Vulnerability-related.DiscoverVulnerability the issue to WordPress ’ s security team multiple times , initially more than 10 months ago in July 2016 . The researcher told Threatpost that WordPress never outright rejected his claim – he says WordPress told him it was working on the issue – but acknowledged that too much time has passed without a clear resolution , something which prompted him to release details Vulnerability-related.DiscoverVulnerability on the bug on Wednesday . Campbell said that it ’ s possible WordPress will patch Vulnerability-related.PatchVulnerability the issue , even if just for poorly configured servers , but acknowledged he didn ’ t have a timetable for the fix . Concerned WordPress users should follow a public ticket that was started for the issue last July , Campbell added . While there ’ s no official fix available Vulnerability-related.PatchVulnerability yet , Golunski says users can enable the UseCanonicalName setting on Apache to enforce a static SERVER_NAME value to ensure it doesn ’ t get modified . Golunski has had his hands full finding Vulnerability-related.DiscoverVulnerability vulnerabilities related to PHP-based email platforms . He discovered Vulnerability-related.DiscoverVulnerability a remote code execution bug in SquirrelMail in January that disclosed Vulnerability-related.DiscoverVulnerability and quickly patched Vulnerability-related.PatchVulnerability last month and similar RCE bugs in PHPMailer and SwiftMailer , libraries used to send emails via PHP , at the end of 2016 .

Argentinean security researcher Manuel Caballero has discovered Vulnerability-related.DiscoverVulnerability another vulnerability in Microsoft 's Edge browser that can be exploited Vulnerability-related.DiscoverVulnerability to bypass a security protection feature and steal data such as passwords from other sites , or cookie files that contain sensitive information . The vulnerability is a bypass of Edge 's Same Origin Policy ( SOP ) , a security feature that prevents a website from loading resources and code from other domains except its own . To exploit the flaw , Caballero says that an attacker can use server redirect requests combined with data URIs , which would allow him to confuse Edge 's SOP filter and load unauthorized resources on sensitive domains . The expert explains the attack step by step on his blog . In the end , the attacker will be able to inject a password form on another domain , which the built-in Edge password manager will automatically fill in with the user 's credentials for that domain . Below is a video of the attack . Additionally , an attacker can steal cookies in a similar manner . More demos are available on a page Caballero set up here . Two weeks ago , Caballero found Vulnerability-related.DiscoverVulnerability another SOP bypass in Edge , which an attacker could also exploit to steal cookies and passwords . That particular exploit relied on a combination of data URIs , meta refresh tag , and domainless pages , such as about : blank . Compared to the previous SOP bypass , the technique Caballero disclosed Vulnerability-related.DiscoverVulnerability yesterday has the advantage that it 's faster to execute compared to the first , which required the attacker to log users out of their accounts and re-authenticate them in order to collect their credentials . Caballero has a history of finding Vulnerability-related.DiscoverVulnerability severe bugs in Microsoft browsers . He previously also bypassed the Edge SOP using Edge 's new Reading Mode , showed how you could abuse the SmartScreen security filter for tech support scams , and found a serious JavaScript attack in Internet Explorer 11 ( still unpatched ) . What 's more worrisome is that Microsoft has not patched Vulnerability-related.PatchVulnerability any of the SOP bypass issues the expert discovered Vulnerability-related.DiscoverVulnerability . `` We have 3 SOP bypasses right now , '' Caballero told Bleeping Computer today when asked to confirm the status of the three bugs . This month 's Patch Tuesday , released Vulnerability-related.PatchVulnerability two days ago , patched Vulnerability-related.PatchVulnerability the Edge SmartScreen issue Caballero discovered Vulnerability-related.DiscoverVulnerability last December , but the researcher found a way to bypass Microsoft 's patch within minutes .

Freelance security researcher Dan Melamed has done us all a solid . Then , he did the right thing : he reported it to Facebook . Melamed said in a blog post on Monday that he ’ d discovered Vulnerability-related.DiscoverVulnerability the critical vulnerability in June . Besides finding Vulnerability-related.DiscoverVulnerability a kill switch for any public video , he also discovered Vulnerability-related.DiscoverVulnerability he could disable commenting on any video . Melamed had looked at the HTTP request that his browser sends to Facebook when he uploads a video . Using a program called Fiddler , he intercepted the request , swapped out his video ’ s ID for one belonging to a victim ’ s video , and then sent the modified request on its way to Facebook . Melamed ’ s method is simple : first , an attacker would either create a public event on Facebook or visit any existing public event . Then , they ’ d go to the event ’ s Discussion tab and create an event post by uploading a photo or video . He found that when you swap the value of the composer_unpublished_photo [ 0 ] parameter for the ID of the Facebook video you want to kill , the server will balk , putting out this error message : This content is no longer available . Error message or no error message , the video will still successfully attach itself to the created event post . When an attacker refreshes the Events Discussion page , they ’ d see that the event posting had appeared with the victim ’ s video attached . Then , it ’ s just a matter of clicking a small arrow dropdown and choosing “ Delete Post ” . A dialog box will warn that the video will also be removed from Photos and Videos . If you confirm in the dialog box that yes , you want to delete the video , Poof ! Credit where credit ’ s due , Melamed noted Vulnerability-related.DiscoverVulnerability that this vulnerability is similar to another video deletion bug that Indian security researcher and penetration tester Pranav Hivarekar discovered Vulnerability-related.DiscoverVulnerability , also in June 2016 . In a nutshell : whereas Hivarekar ’ s flaw had to do with attaching a victim ’ s video to a comment , Melamed discovered Vulnerability-related.DiscoverVulnerability a way to attach the video to an event post . Delete the bath water/event post , and that baby/video gets tossed right out with it . This one had to do with how one man could have deleted any Facebook photo album that he could see . Mark offers this digression : In Melamed ’ s attack on videos , he specifies the ID of a video he ’ s targeting specifically , but since video IDs are just numbers , he could have just guessed one and wiped out a video at random .

A pair of iOS bugs identified Vulnerability-related.DiscoverVulnerability as resolved Vulnerability-related.PatchVulnerability by Apple in its latest iOS 12.1.4 release were successfully exploited Vulnerability-related.DiscoverVulnerability by hackers , according to a Google researcher who shared details Vulnerability-related.DiscoverVulnerability of the zero-day vulnerabilities on Thursday . Apple 's latest iOS 12.1.4 release , issued Vulnerability-related.PatchVulnerability earlier today , contains fixes for Foundation and IOKit flaws that , according to security researcher Ben Hawkes , were used to hack devices in the wild . As noted by ZDNet , Hawkes , leader of Google 's Project Zero security team , shared the revelation Vulnerability-related.DiscoverVulnerability on Twitter late Thursday , saying Vulnerability-related.DiscoverVulnerability the iOS bugs were leveraged as zero-day vulnerabilities . How , exactly , the vulnerabilities were exploited Vulnerability-related.DiscoverVulnerability and by whom is unknown . Both bugs were detailed Vulnerability-related.DiscoverVulnerability in Apple documentation detailing security changes delivered Vulnerability-related.PatchVulnerability with the iOS 12.1.4 package . Logged with the identifier Vulnerability-related.DiscoverVulnerability CVE-2019-7286 , the Foundation flaw involves a memory corruption issue that could allow an app to gain elevated privileges in iPhone 5s and later , iPad Air and later , and iPod touch 6th generation . An anonymous researcher , Clement Lecigne of Google Threat Analysis Group , Ian Beer of Google Project Zero and Samuel Grob of Google Project Zero were credited with finding Vulnerability-related.DiscoverVulnerability the flaw . The second bug , identified Vulnerability-related.DiscoverVulnerability as CVE-2019-7287 , also involves a memory corruption , but instead of granting elevated privileges it allows an app to executive code with kernel privileges on iPhone 5s and later , iPad Air and later , and iPod touch 6th generation . The same researchers were credited with the find Vulnerability-related.DiscoverVulnerability . Apple released Vulnerability-related.PatchVulnerability iOS 12.1.4 alongside a supplemental update to macOS Mojave to address Vulnerability-related.PatchVulnerability the widely publicized FaceTime flaw that allowed interlopers to eavesdrop on Group FaceTime calls . The update also patched Vulnerability-related.PatchVulnerability a Live Photos in FaceTime bug that was discovered Vulnerability-related.DiscoverVulnerability after Apple conducted a `` thorough security audit '' of the service . Details of the Live Photos vulnerability have yet to be made public Vulnerability-related.DiscoverVulnerability .