severe vulnerabilities found in its pacemakers. Abbott released its second and final round of planned cybersecurity updates to its pacemakers, programmers and remote monitoring systems to fix severe cybersecurity flaws in the devices. The patch will update the battery performance alert, allowing the device to monitor for abnormal battery behavior and automatically vibrate to tell the patient when something is wrong. The planned updates began last year, and the latest firmware update was approved by the Food and Drug Administration last week. The update applies to about 350,000 of Abbott’s implantable cardioverter defibrillators and implantable cardiac resynchronization therapy defibrillators. The devices were originally manufactured by St Jude Medical, which Abbott acquired last year. At that time, St Jude was under fire for remaining quiet about defibrillator issues that caused rapid battery depletion. The FDA found St Jude continued to ship these devices despite knowing about the defect. In fact, the agency found those flaws caused patient deaths. The flaws, made public in 2016 by Muddy Waters and security firm MedSec, could allow an unauthorized user to access the defibrillators and modify the programming controls. Since acquiring St Jude, Abbott has been working to patch those vulnerabilities. The FDA’s recall notice said the firmware update will reduce the risk of patient harm due to premature battery depletion and potential exploitation of the flaws in the devices. The update will effectively complete the necessary patches to prevent unauthorized access.
The update is not a response to any new flaws, but is merely a continuation of last year’s patches, according to officials. "Technology and its security are always evolving, and this firmware upgrade is part of our commitment to ensuring our products include the latest advancements and protections for patients," said Robert Ford, executive vice president of medical devices at Abbott, in a statement.
Recently we’ve been writing about LastPass more than seems healthy. March saw two rounds of serious flaws made public by Google’s Tavis Ormandy (quickly fixed), which seemed like a lot for a single week. Days ago, news emerged of a new issue (also fixed) in the company’s two-factor/two-step authentication (2FA) security. To coin a phrase, all serious flaws are serious – but some are more serious than others. This one matters for two reasons, only one of which will sound flippant: it wasn’t discovered by Tavis Ormandy, who at times has seemed to be writing a novella on flaw-hunting with the company’s name on it. Another researcher with a taste for LastPass, Martin Vigo, uncovered the latest issue, and it’s the 2FA bit of the story that explains the angst. Two-factor authentication (a term that also refers to more convenient but less secure two-step verification) matters because it is the crown jewels of everyday security, especially for password managers such as LastPass. The flaws are explained by Vigo in a slightly confusing way (one compromise was subsequently shown not to be exploitable) but cover overlapping weaknesses that might under specific circumstances allow 2FA to be bypassed when using Google’s Authenticator and QR codes. Again, a user being logged into LastPass at the time of an attack is entirely possible. Significantly, LastPass quickly stopped using the login hash (used to authenticate the master password without having to know it) to retrieve Authenticator’s QR codes, and now sets a Cross-Site Request Forgery (CSRF) token to plug another weakness.
We still don’t know why LastPass has been plagued by so many issues in such a short space of time – perhaps it’s just a big-name target worth researching – but some of these weaknesses appear to be in its design, the result of decisions to do things in a certain way, probably some years in the past.