Microsoft has published Vulnerability-related.PatchVulnerability a patch for an Outlook vulnerability first reported Vulnerability-related.DiscoverVulnerability in late 2016 , but the patch has been deemed Vulnerability-related.PatchVulnerability incomplete and additional workarounds are needed , according to the security researcher who discovered Vulnerability-related.DiscoverVulnerability it . Yesterday 's April 2018 Patch Tuesday updates train included a fix for CVE-2018-0950 , a vulnerability in Microsoft Outlook discovered Vulnerability-related.DiscoverVulnerability by Will Dormann , a vulnerability analyst at the CERT Coordination Center ( CERT/CC ) . Outlook retrieves remote OLE content without prompting According to Dormann , the main problem with CVE-2018-0950 is that Microsoft Outlook will automatically render the content of remote OLE objects embedded inside rich formatted emails without prompting the user , something that Microsoft does in other Office apps such as Word , Excel , and PowerPoint . This leads to a slew of problems that come from automatically rendering OLE objects , a common attack vector for malware authors . Microsoft patches SMB attack vector only In a CERT/CC vulnerability note , Dormann says he notified Microsoft of Outlook 's propensity for loading OLE objects without alerting users in November 2016 . After almost 18 months , the company finally issued Vulnerability-related.PatchVulnerability a patch for the reported issue , but Dormann says the patch does not address Vulnerability-related.PatchVulnerability the problem at the core of the issue . According to Microsoft , the CVE-2018-0950 patch delivered Vulnerability-related.PatchVulnerability yesterday only blocks Outlook from initiating SMB connections when previewing rich formatted emails . Dormann points out that Outlook still does not prompt user for permission to render OLE objects for email previews . Furthermore , the researcher also highlights that there are other ways of obtaining the NTLM hashes , such as embedding UNC links to SMB servers inside the email , links that Outlook will automatically make clickable . `` If a user clicks such a link , the impact will be the same as with this vulnerability , '' Dormann says . But even this incomplete patch is good news . This means that while Outlook will continue to render OLE objects inside email previews , at least these objects ca n't be used to steal NTLM hashes via SMB anymore . To avoid attackers from getting their hands on NTLM hashes via SMB altogether , the expert recommends that system administrators apply additional OS-level workarounds ,

An exploit discovered Vulnerability-related.DiscoverVulnerability by a pair of security researchers allowed them to hack an iPhone X and access a photo that was supposedly deleted from the device . Apple was informed Vulnerability-related.DiscoverVulnerability of the security hole and a fix is on the way . As first reported Vulnerability-related.DiscoverVulnerability by Forbes , hackers Richard Zhu and Amat Cama teamed up and discovered Vulnerability-related.DiscoverVulnerability the hole that allowed access to deleted files on iOS devices running iOS 12 . This is due to a weakness in the current public version of the Safari browser . As per the Mobile Pwn2Own contest in Tokyo , Apple has been informed and the hackers were able to walk away with $ 50,000 . The hack in question would be able to retrieve more than just photos . The vulnerablitiy is found Vulnerability-related.DiscoverVulnerability in a just-in-time compiler . These are programs that translate code while a computer rather than before . And because it ’ s software , it ’ s bound to have some vulnerabilities . Software vulnerabilities are a common occurrence due to its complex nature . While developers can continue fixing Vulnerability-related.PatchVulnerability bugs , there ’ s no guarantee new holes won’t emerge Vulnerability-related.DiscoverVulnerability . The hackers were able to exploit the JIT compiler with a malicious Wi-Fi access point . However , Apple isn ’ t the only company at fault here . The pair of hackers were able to use the same exploits on Android devices including the Samsung Galaxy S9 and the Xiaomi Mi6 . The pair earned the “ Master of Pwn ” title for discovering Vulnerability-related.DiscoverVulnerability the iPhone vulnerability along with several other exploits showcased during the event . Apple should have this exploit patched Vulnerability-related.PatchVulnerability within the next few weeks . The company will likely patch Vulnerability-related.PatchVulnerability this in the next beta version of iOS 12.1.1 .

This week , Adobe released Vulnerability-related.PatchVulnerability its monthly scheduled update bundle addressing Vulnerability-related.PatchVulnerability vulnerabilities within its different products . The Adobe patch Tuesday November updates allegedly fixed Vulnerability-related.PatchVulnerability numerous vulnerabilities leading to information disclosure . These vulnerabilities existed in Vulnerability-related.DiscoverVulnerability Adobe Acrobat/Reader , Flash Player , and Photoshop CC . The recently released Adobe Patch Tuesday November updates addressed Vulnerability-related.PatchVulnerability three different vulnerabilities – all resulting in information disclosure . The first one existed in Vulnerability-related.DiscoverVulnerability the Adobe Photoshop CC affecting Vulnerability-related.DiscoverVulnerability versions 19.1.6 and prior for both Windows and MacOS . As described in the security advisory , Adobe has fixed Vulnerability-related.PatchVulnerability this important Out-of-bounds read vulnerability ( CVE-2018-15980 ) in the Photoshop CC versions 19.1.7 and 20.0 . The second information disclosure flaw affected Vulnerability-related.DiscoverVulnerability Adobe Reader and Acrobat for Windows . Explaining about the flaw in their advisory , Adobe stated , “ Successful exploitation could lead to an inadvertent leak of the user ’ s hashed NTLM password. ” The vulnerability initially received the CVE Vulnerability-related.DiscoverVulnerability number CVE-2018-4993 , when Check Point Research first reported Vulnerability-related.DiscoverVulnerability the bug . However , as recently disclosed Vulnerability-related.DiscoverVulnerability by the EdgeSpot , Adobe only patched Vulnerability-related.PatchVulnerability a single variant of this bug . Whereas , the EdgeSpot team discovered Vulnerability-related.DiscoverVulnerability other variants that hinted towards a failed patching Vulnerability-related.PatchVulnerability of the bug instead of a new vulnerability . The patched vulnerability has now received CVE Vulnerability-related.DiscoverVulnerability number CVE-2018-15979 “ to reflect that the patch is available Vulnerability-related.PatchVulnerability ” . The third vulnerability addressed Vulnerability-related.PatchVulnerability this month is an out-of-bounds Read vulnerability ( CVE-2018-15978 ) in the Adobe Flash Player . The affected versions include 31.0.0.122 and earlier for Windows , Linux , and MacOS . Unlike previous months , the Adobe Patch Tuesday November update bundle addressed Vulnerability-related.PatchVulnerability fewer bugs . Moreover , none of the patched vulnerabilities had a critical severity impact . In October , Adobe patched Vulnerability-related.PatchVulnerability 86 different vulnerabilities including 47 critical ones . Whereas , in September , they addressed Vulnerability-related.PatchVulnerability 6 critical flaws . Adobe has fixed Vulnerability-related.PatchVulnerability the bugs CVE-2018-15980 and CVE-2018-15978 in Adobe Photoshop CC versions 19.1.7 and 20.0 and Adobe Flash Player version 31.0.0.148 , respectively . Whereas , CVE-2018-15979 has received Vulnerability-related.PatchVulnerability a patch in Adobe Acrobat DC and Reader DC version 2019.008.20081 , Acrobat 2017 and Acrobat Reader DC 2017 version 2017.011.30106 , and Acrobat DC and Acrobat Reader DC ( Classic 2015 ) version 2015.006.30457 . For protection against the three important vulnerabilities addressed Vulnerability-related.PatchVulnerability in November updates , users should make sure to upgrade Vulnerability-related.PatchVulnerability their software to the patched versions at the earliest convenience .

Microsoft Windows users beware of Vulnerability-related.DiscoverVulnerability an unpatched memory corruption bug which could be exploited Vulnerability-related.DiscoverVulnerability to cause denial of service ( DoS ) attacks as well as other exploits . The vulnerability is in the SMB ( Server Message Block ) and is caused by the platform 's inability to properly handle a specially-crafted server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure , according to a Feb 2 CERT advisory . If a user connects to a malicious SMB server , a vulnerable Windows client system may crash and display a blue screen of death ( BSOD ) in mrxsmb20.sys , the advisory said . Researchers have confirmed Vulnerability-related.DiscoverVulnerability the flaw affects Vulnerability-related.DiscoverVulnerability fully-patched Windows 10 and Windows 8.1 client systems , as well as the server equivalents of these platforms , Windows Server 2016 and Windows Server 2012 R2 . The vulnerability is still being examined and it is possible that the flaw may enable more exploits as well . A researcher by the moniker “ PythonResponder ” first reported Vulnerability-related.DiscoverVulnerability the zero day and a proof-of-concept code was published to GitHub shortly after . It is recommended that users consider blocking outbound SMB connections from the local network to the WAN in order to prevent remote attackers from causing denial of service attacks