October 1, Threatpost – (International) Apple patches 100+ vulnerabilities in OS X, Safari, iOS. Apple released OS X version 10.11 El Capitan addressing over 100 security vulnerabilities, including 20 hypertext preprocessor (PHP) flaws, XARA password stealing vulnerabilities which could allow an attacker to use a malicious application to access a user’s keychain, and 45 issues in the Safari 9 Web browser, among others. Source
October 1, IDG News Service – (International) New Android vulnerabilities put over a billion devices at risk of remote hacking. Security researchers from Zimperium discovered a series of Android media processing vulnerabilities, dubbed Stagefright 2.0, affecting over 1 billion devices which could allow an attacker to trick users into visiting maliciously crafted Web sites that would exploit the flaws and lead to remote code execution on almost all devices starting with version 1.0 of the operating system (OS). Source
September 30, Computerworld – (International) Critical flaw puts 500 million WinRAR users at risk of being pwned by unzipping a file. Security researchers disclosed a critical zero day WinRAR remote code execution vulnerability affecting up to 500 million users, in which an attacker could inject malicious code into an archive that would automatically execute upon unzipping. The vulnerability can be exploited without system user privileges or user interaction. Source