September 22, Securityweek – (International) Adobe patches 23 vulnerabilities in Flash Player. Adobe released updates for Flash Player addressing 23 information disclosure, security bypass, memory leak, type confusion, use-after-free, buffer overflow, stack corruption, and memory corruption vulnerabilities. The updates also include additional validation checks to ensure rejection of malicious content from vulnerable JSONP callback Application Program Interfaces (APIs), among other improvements. Source
September 22, Help Net Security – (International) Malware-infected game discovered on Google Play, up to 1 million users at risk. Security researchers from Check Point discovered a new type of malware employing persistence and advanced detection evasion techniques, found packaged within the BrainTest Android game application. The malware can download and execute any code remotely and has infected about 200,000 – 1 million users. Source
September 21, Threatpost – (International) Apple watchOS2 includes host of code-execution patches. Apple released updates addressing over 12 code execution vulnerabilities in watchOS2 and other Apple Watch components, as well as certificate validation issues and vulnerabilities in CFNetwork, and a bug in the system’s dynamic linker, among others. Source
September 20, PCWorld – (International) Nasty URL bug brings Google Chrome to a screeching halt. Security researchers discovered a Uniform Resource Locator (URL) denial-of-service (DoS) vulnerability in the Google Chrome Web browser in which mousing over “%%30%30” appended to the end of a URL causes the browser to hang and crash. The issue affects the current versions of Chrome for both Windows and OS X. Source
September 22, The Register – (International) Shattered Skype slowly staggers to its feet after 15-hour outage outrage. Microsoft’s Skype experienced a worldwide outage lasting approximately 15 hours on September 21, caused by a network issue, that prevented users from logging in and using the video-voice call service. The Skype Twitter feed reported that crews were working to reconnect users and restore service. Source