Technology companies are starting to respond to a new Wi-Fi exploit affecting Vulnerability-related.DiscoverVulnerability all modern Wi-Fi networks using WPA or WPA2 encryption . The security vulnerabilities allow attackers to read Wi-Fi traffic between devices and wireless access points , and in some cases even modify it to inject malware into websites . Security researchers claim Vulnerability-related.DiscoverVulnerability devices running macOS , Windows , iOS , Android , and Linux will be affected Vulnerability-related.DiscoverVulnerability by the vulnerabilities . Microsoft says it has already fixed Vulnerability-related.PatchVulnerability the problem for customers running supported versions of Windows . “ We have released Vulnerability-related.PatchVulnerability a security update to address Vulnerability-related.PatchVulnerability this issue , ” says a Microsoft spokesperson in a statement to The Verge . “ Customers who apply Vulnerability-related.PatchVulnerability the update , or have automatic updates enabled , will be protected . We continue to encourage customers to turn on automatic updates to help ensure they are protected. ” Microsoft says the Windows updates released Vulnerability-related.PatchVulnerability on October 10th protect customers , and the company “ withheld disclosure Vulnerability-related.DiscoverVulnerability until other vendors could develop and release Vulnerability-related.PatchVulnerability updates. ” While it looks like Android and Linux devices are affected Vulnerability-related.DiscoverVulnerability by the worst part of the vulnerabilities , allowing attackers to manipulate websites , Google has promised Vulnerability-related.PatchVulnerability a fix for affected devices “ in the coming weeks. ” Google ’ s own Pixel devices will be the first to receive Vulnerability-related.PatchVulnerability fixes with security patch level of November 6 , 2017 , but most other handsets are still well behind even the latest updates . Security researchers claim Vulnerability-related.DiscoverVulnerability 41 percent of Android devices are vulnerable Vulnerability-related.DiscoverVulnerability to an “ exceptionally devastating ” variant of the Wi-Fi attack that involves manipulating traffic , and it will take time to patch Vulnerability-related.PatchVulnerability older devices . The Verge has reached out to a variety of Android phone makers to clarify when security patches will reach Vulnerability-related.PatchVulnerability handsets , and we ’ ll update you accordingly . At the time of writing , Apple has not yet clarified Vulnerability-related.DiscoverVulnerability whether the latest versions of macOS and iOS are vulnerable Vulnerability-related.DiscoverVulnerability . The Wi-Fi Alliance , a network of companies responsible for Wi-Fi , has responded to the disclosure Vulnerability-related.DiscoverVulnerability of the vulnerabilities . “ This issue can be resolved Vulnerability-related.PatchVulnerability through straightforward software updates , and the Wi-Fi industry , including major platform providers , has already started deploying Vulnerability-related.PatchVulnerability patches to Wi-Fi users , ” says a Wi-Fi Alliance spokesperson . “ Users can expect all their Wi-Fi devices , whether patched or unpatched Vulnerability-related.PatchVulnerability , to continue working well together. ” Apple also confirmed to both The Verge and AppleInsider that the vulnerability is patched Vulnerability-related.PatchVulnerability in a beta version of the current operating systems . The fix should go public Vulnerability-related.PatchVulnerability in a few weeks , so iOS and macOS devices are n't in the clear just yet . AppleInsider also reports that AirPort hardware , including the Time Machine , AirPort Extreme base station , and AirPort Express do not have a patch . The publication 's source also was n't sure if one was in the works .

Adobe has resolved Vulnerability-related.PatchVulnerability 11 security flaws in this month 's patch update on the heels of a far larger security round last month in which over a hundred bugs were squashed Vulnerability-related.PatchVulnerability . The patch release impacts Vulnerability-related.PatchVulnerability Adobe Flash , Acrobat and Reader , Experience Manager , and Creative Cloud . Two of the vulnerabilities disclosed Vulnerability-related.DiscoverVulnerability in the release are described Vulnerability-related.DiscoverVulnerability as critical and affect Vulnerability-related.DiscoverVulnerability Acrobat and Reader . In July , Adobe issued Vulnerability-related.PatchVulnerability a security update which patched Vulnerability-related.PatchVulnerability a total of 112 vulnerabilities . The majority of bugs were uncovered Vulnerability-related.DiscoverVulnerability in Adobe Acrobat , but a critical code execution flaw was also resolved Vulnerability-related.PatchVulnerability in Adobe Flash . The critical bugs in this release impact Vulnerability-related.DiscoverVulnerability Adobe Acrobat 2017 , Acrobat DC , and Acrobat Reader DC on Windows and macOS machines . The tech giant says Vulnerability-related.DiscoverVulnerability that exploitation of the security flaws , an out of bounds write issue ( CVE-2018-12808 ) and an untrusted pointer dereference problem ( CVE-2018-12799 ) can lead to arbitrary code execution . The vulnerabilities resolved Vulnerability-related.PatchVulnerability include five bugs in Adobe Flash . An out of bounds read flaw ( CVE-2018-12824 ) , a security bypass error ( CVE-2018-12825 ) , two information disclosure vulnerabilities ( CVE-2018-12826 , CVE-2018-12827 ) , and a privilege escalation flaw ( CVE-2018-12828 ) have all been patched Vulnerability-related.PatchVulnerability . A reflected cross-site scripting flaw ( CVE-2018-12806 ) , input validation bypass ( CVE-2018-12807 ) , and cross-site scripting ( XSS ) bug ( CVE-2018-5005 ) have been patched Vulnerability-related.PatchVulnerability in Adobe Experience Manager versions 6.0 -- 6.4 on all platforms . If exploited Vulnerability-related.DiscoverVulnerability , the security flaws can facilitate sensitive information disclosure and data modification . In addition , a single bug in Adobe Creative Cloud Desktop affecting Vulnerability-related.DiscoverVulnerability versions 4.5.0.324 and earlier versions on Windows systems has been resolved Vulnerability-related.PatchVulnerability . The DLL hijacking vulnerability ( CVE-2018-5003 ) can be exploited Vulnerability-related.DiscoverVulnerability in order for an attacker to escalate privileges on an account . Adobe recommends that users update their software as quickly as possible . Researchers from Trend Micro 's Zero Day Initiative , Palo Alto Networks , Google Project Zero , TenCent , and Cognizant Technology Solutions , among others , were thanked for reporting Vulnerability-related.DiscoverVulnerability the bugs . On Tuesday , Microsoft 's latest round of patches tackled Vulnerability-related.PatchVulnerability a total of 60 vulnerabilities , 19 of which were deemed critical . Two severe security flaws resolved Vulnerability-related.PatchVulnerability in the update are zero-day vulnerabilities which are being actively exploited Vulnerability-related.DiscoverVulnerability in the wild .

Adobe has resolved Vulnerability-related.PatchVulnerability 11 security flaws in this month 's patch update on the heels of a far larger security round last month in which over a hundred bugs were squashed Vulnerability-related.PatchVulnerability . The patch release impacts Vulnerability-related.PatchVulnerability Adobe Flash , Acrobat and Reader , Experience Manager , and Creative Cloud . Two of the vulnerabilities disclosed Vulnerability-related.DiscoverVulnerability in the release are described Vulnerability-related.DiscoverVulnerability as critical and affect Vulnerability-related.DiscoverVulnerability Acrobat and Reader . In July , Adobe issued Vulnerability-related.PatchVulnerability a security update which patched Vulnerability-related.PatchVulnerability a total of 112 vulnerabilities . The majority of bugs were uncovered Vulnerability-related.DiscoverVulnerability in Adobe Acrobat , but a critical code execution flaw was also resolved Vulnerability-related.PatchVulnerability in Adobe Flash . The critical bugs in this release impact Vulnerability-related.DiscoverVulnerability Adobe Acrobat 2017 , Acrobat DC , and Acrobat Reader DC on Windows and macOS machines . The tech giant says Vulnerability-related.DiscoverVulnerability that exploitation of the security flaws , an out of bounds write issue ( CVE-2018-12808 ) and an untrusted pointer dereference problem ( CVE-2018-12799 ) can lead to arbitrary code execution . The vulnerabilities resolved Vulnerability-related.PatchVulnerability include five bugs in Adobe Flash . An out of bounds read flaw ( CVE-2018-12824 ) , a security bypass error ( CVE-2018-12825 ) , two information disclosure vulnerabilities ( CVE-2018-12826 , CVE-2018-12827 ) , and a privilege escalation flaw ( CVE-2018-12828 ) have all been patched Vulnerability-related.PatchVulnerability . A reflected cross-site scripting flaw ( CVE-2018-12806 ) , input validation bypass ( CVE-2018-12807 ) , and cross-site scripting ( XSS ) bug ( CVE-2018-5005 ) have been patched Vulnerability-related.PatchVulnerability in Adobe Experience Manager versions 6.0 -- 6.4 on all platforms . If exploited Vulnerability-related.DiscoverVulnerability , the security flaws can facilitate sensitive information disclosure and data modification . In addition , a single bug in Adobe Creative Cloud Desktop affecting Vulnerability-related.DiscoverVulnerability versions 4.5.0.324 and earlier versions on Windows systems has been resolved Vulnerability-related.PatchVulnerability . The DLL hijacking vulnerability ( CVE-2018-5003 ) can be exploited Vulnerability-related.DiscoverVulnerability in order for an attacker to escalate privileges on an account . Adobe recommends that users update their software as quickly as possible . Researchers from Trend Micro 's Zero Day Initiative , Palo Alto Networks , Google Project Zero , TenCent , and Cognizant Technology Solutions , among others , were thanked for reporting Vulnerability-related.DiscoverVulnerability the bugs . On Tuesday , Microsoft 's latest round of patches tackled Vulnerability-related.PatchVulnerability a total of 60 vulnerabilities , 19 of which were deemed critical . Two severe security flaws resolved Vulnerability-related.PatchVulnerability in the update are zero-day vulnerabilities which are being actively exploited Vulnerability-related.DiscoverVulnerability in the wild .

It ’ s a new month which means another security patch from Google has been released Vulnerability-related.PatchVulnerability and it ’ s currently rolling out Vulnerability-related.PatchVulnerability to Pixel and select Nexus devices . The September 5 , 2018 patch includes fixes for almost 60 vulnerabilities that were found Vulnerability-related.DiscoverVulnerability in the AOSP repository . The update also includes in-car Bluetooth performance improvements for Pixel devices . Google resolved Vulnerability-related.PatchVulnerability 24 problems on September 1 , 2018 , and patched Vulnerability-related.PatchVulnerability an additional 35 on September 5 , 2018 . Before the patch , a remote attacker could execute arbitrary code using a “ specially crafted file … within the context of a privileged process. ” Fortunately , just like with most issues that ’ re fixed Vulnerability-related.PatchVulnerability through security patches , Google states that it has not received a single report of an attacker using this vulnerability to harm a customer . In addition to the security fixes , Google has listed some of the improvements this update brings to its handsets : Improve battery charge in Retail Mode ( Pixel 2 , Pixel 2 XL ) Improve SW Version reporting ( Pixel , Pixel XL , Pixel 2 , Pixel 2 XL ) Improve audio quality over car speakers ( Pixel , Pixel XL , Pixel 2 , Pixel 2 XL ) If you don ’ t want to wait for the September security patch to make its way to your phone , you can download the latest factory image or OTA file from the links below . From there , you can either flash a fresh build to your phone or sideload the OTA update . And in usual Essential fashion , the company has begun rolling out Vulnerability-related.PatchVulnerability the September security patch to the Essential Phone within hours of it becoming available for Google ’ s hardware . On top of the fixed vulnerabilities , Essential states that the update includes various audio and accessibility fixes .

The bug was found Vulnerability-related.DiscoverVulnerability in the core infrastructure of Apache Struts 2 . The Apache Software Foundation has patched Vulnerability-related.PatchVulnerability a critical security vulnerability which affects Vulnerability-related.DiscoverVulnerability all versions of Apache Struts 2 . Uncovered Vulnerability-related.DiscoverVulnerability by researchers from cybersecurity firm Semmle , the security flaw is caused by the insufficient validation of untrusted user data in the core Struts framework . When Apache Struts uses results with no namespace and in the same time , upper actions have no wild namespace . The same opportunity for exploit exists when the URL tag is in use and there is no value or action set . As the bug , CVE-2018-11776 , has been discovered Vulnerability-related.DiscoverVulnerability in the Struts core , the team says there are multiple attack vectors threat actors could use to exploit the vulnerability . If the alwaysSelectFullNamespace flag is set to true in the Struts configuration , which is automatically the case when the Struts Convention plugin is in use , or if a user 's Struts configuration file contains a tag that does not specify the optional namespace attribute or specifies a wildcard namespace . Man Yue Mo from the Semmle Security Research Team first reported Vulnerability-related.DiscoverVulnerability the flaw . `` This vulnerability affects Vulnerability-related.DiscoverVulnerability commonly-used endpoints of Struts , which are likely to be exposed , opening up an attack vector to malicious hackers , '' Mo says Vulnerability-related.DiscoverVulnerability . `` On top of that , the weakness is related to the Struts OGNL language , which hackers are very familiar with , and are known to have been exploited Vulnerability-related.DiscoverVulnerability in the past . '' The vulnerability affects Vulnerability-related.DiscoverVulnerability all versions of Apache Struts 2 . Companies which use the popular open-source framework are urged to update their builds immediately . Users of Struts 2.3 are advised to upgrade Vulnerability-related.PatchVulnerability to 2.3.35 ; users of Struts 2.5 need to upgrade Vulnerability-related.PatchVulnerability to 2.5.17 . As the latest releases only contain Vulnerability-related.PatchVulnerability fixes for the vulnerability , Apache does not expect users to experience any backward compatibility issues . `` Previous disclosures Vulnerability-related.DiscoverVulnerability of similarly critical vulnerabilities have resulted in exploits being published Vulnerability-related.DiscoverVulnerability within a day , putting critical infrastructure and customer data at risk , '' Semmle says . `` All applications that use Struts are potentially vulnerable Vulnerability-related.DiscoverVulnerability , even when no additional plugins have been enabled . '' Mo first reported Vulnerability-related.DiscoverVulnerability the findings in April . By June , the Apache Struts team published the code which resolved Vulnerability-related.PatchVulnerability the problem , leading to the release Vulnerability-related.PatchVulnerability of official patches on August 22 .

Researchers at Germany-based security firm Cure53 have conducted a 32-day audit of the Network Time Protocol ( NTP ) and the NTPsec project and discovered Vulnerability-related.DiscoverVulnerability more than a dozen vulnerabilities . Experts identified Vulnerability-related.DiscoverVulnerability a total of 16 security-related issues , including 8 weaknesses that only affect Vulnerability-related.DiscoverVulnerability NTP and two that only impact Vulnerability-related.DiscoverVulnerability NTPsec , which is meant to be a secure , hardened and improved implementation of NTP . Cure53 has published separate reports focusing on the NTP and NTPsec problems . The Network Time Foundation addressed Vulnerability-related.PatchVulnerability the flaws earlier this month with the release of ntp-4.2.8p10 . Cure53 has classified Vulnerability-related.DiscoverVulnerability one vulnerability as being critical . CVE-2017-6460 , which only affects Vulnerability-related.DiscoverVulnerability NTP , has been described Vulnerability-related.DiscoverVulnerability as a stack-based buffer overflow that can be triggered by a malicious server when a client requests the restriction list . The flaw can be exploited Vulnerability-related.DiscoverVulnerability to cause a crash and possibly to execute arbitrary code . The security holes rated Vulnerability-related.DiscoverVulnerability by Cure53 as high severity are CVE-2017-6463 and CVE-2017-6464 , both of which can be exploited Vulnerability-related.DiscoverVulnerability for DoS attacks . It ’ s worth noting that while some of the vulnerabilities have been classified Vulnerability-related.DiscoverVulnerability as critical and high severity by Cure53 , NTP developers have only assigned Vulnerability-related.DiscoverVulnerability medium , low and informational-level severity ratings to the discovered flaws . Ntp-4.2.8p10 patches Vulnerability-related.PatchVulnerability a total of 15 vulnerabilities and also includes just as many non-security fixes and improvements . Of the 15 security holes resolved Vulnerability-related.PatchVulnerability in the latest version , 14 were discovered Vulnerability-related.DiscoverVulnerability by Cure53 , which also noticed Vulnerability-related.DiscoverVulnerability that a flaw initially patched Vulnerability-related.PatchVulnerability in December 2014 was reintroduced Vulnerability-related.DiscoverVulnerability in November 2016 . One of the vulnerabilities fixed Vulnerability-related.PatchVulnerability in ntp-4.2.8p10 was reported Vulnerability-related.DiscoverVulnerability by researchers at Cisco Talos . Experts identified Vulnerability-related.DiscoverVulnerability a DoS vulnerability affecting Vulnerability-related.DiscoverVulnerability the origin timestamp check functionality

A pair of iOS bugs identified Vulnerability-related.DiscoverVulnerability as resolved Vulnerability-related.PatchVulnerability by Apple in its latest iOS 12.1.4 release were successfully exploited Vulnerability-related.DiscoverVulnerability by hackers , according to a Google researcher who shared details Vulnerability-related.DiscoverVulnerability of the zero-day vulnerabilities on Thursday . Apple 's latest iOS 12.1.4 release , issued Vulnerability-related.PatchVulnerability earlier today , contains fixes for Foundation and IOKit flaws that , according to security researcher Ben Hawkes , were used to hack devices in the wild . As noted by ZDNet , Hawkes , leader of Google 's Project Zero security team , shared the revelation Vulnerability-related.DiscoverVulnerability on Twitter late Thursday , saying Vulnerability-related.DiscoverVulnerability the iOS bugs were leveraged as zero-day vulnerabilities . How , exactly , the vulnerabilities were exploited Vulnerability-related.DiscoverVulnerability and by whom is unknown . Both bugs were detailed Vulnerability-related.DiscoverVulnerability in Apple documentation detailing security changes delivered Vulnerability-related.PatchVulnerability with the iOS 12.1.4 package . Logged with the identifier Vulnerability-related.DiscoverVulnerability CVE-2019-7286 , the Foundation flaw involves a memory corruption issue that could allow an app to gain elevated privileges in iPhone 5s and later , iPad Air and later , and iPod touch 6th generation . An anonymous researcher , Clement Lecigne of Google Threat Analysis Group , Ian Beer of Google Project Zero and Samuel Grob of Google Project Zero were credited with finding Vulnerability-related.DiscoverVulnerability the flaw . The second bug , identified Vulnerability-related.DiscoverVulnerability as CVE-2019-7287 , also involves a memory corruption , but instead of granting elevated privileges it allows an app to executive code with kernel privileges on iPhone 5s and later , iPad Air and later , and iPod touch 6th generation . The same researchers were credited with the find Vulnerability-related.DiscoverVulnerability . Apple released Vulnerability-related.PatchVulnerability iOS 12.1.4 alongside a supplemental update to macOS Mojave to address Vulnerability-related.PatchVulnerability the widely publicized FaceTime flaw that allowed interlopers to eavesdrop on Group FaceTime calls . The update also patched Vulnerability-related.PatchVulnerability a Live Photos in FaceTime bug that was discovered Vulnerability-related.DiscoverVulnerability after Apple conducted a `` thorough security audit '' of the service . Details of the Live Photos vulnerability have yet to be made public Vulnerability-related.DiscoverVulnerability .