December 9, SecurityWeek – (International) Apple issues security updates for OS X, iOS, Safari. Apple released security updates patching multiple vulnerabilities within its OS X, iOS, Safari, Xcode, watchOS, and tvOS systems including flaws affecting Apple’s mobile operating system, Siri, Webkit, and components such as the App Sandbox, Compression, CoreMedia Playback, EFI, and File Bookmark, among others. Source
December 9, Softpedia – (International) DNS Root servers hit by DDoS attack. Researchers from RootOps reported that a large-scale denial-of-service (DDoS) attack on the Internet’s Domain Name System (DNS) root servers caused timeouts for the B, C, G, and H node servers after 2 attacks blasted up to 5 million queries per second per DNS root name server. The DDoS attacks did not cause serious damage. Source
December 9, SecurityWeek – (International) Adobe patches 77 vulnerabilities in Flash Player. Adobe released new versions of its Flash Player for OS X, Windows, Linux, and Android systems, patching 77 critical vulnerabilities including buffer overflow, stack overflow, type confusion, integer overflow issues, use-after free vulnerabilities, three security bypass flaws, and other memory corruption issues that can lead to code execution. Source
December 9, SecurityWeek – (International) Microsoft patches Windows, Office flaws exploited in the wild. Microsoft released 12 security bulletins addressing 60 flaws in several of its products including Windows, Internet Explorer, Edge, .NET, Office, and Skype for Business, among other products, addressing 2 zero-day flaws exploited in the wild that could allow attackers to run arbitrary code and gain control of the infected system if a victim logs on with administrative rights. Source
December 8, SecurityWeek – (International) Critical flaw found in AVG, McAfee, Kaspersky products. Researchers from enSilo discovered a serious vulnerability in AVG, McAfee, and Kaspersky security products that allows attackers to bypass Windows protection protocol and exploit vulnerabilities in third-party applications to compromise the underlying system in a multi-stage attack. AVG, McAfee, and Kaspersky patched the flaws in each of their systems. Source
December 8, SecurityWeek – (International) SAP security updates patch 19 new flaws. SAP released 26 patches for its software addressing 19 new vulnerabilities and 7 updated patches including 4 cross-site scripting (XSS), 3 information disclosure flaws, 4 missing authorization and authentication check issues, and 2 denial-of-service (DoS) vulnerabilities, among other patched issues. Source
December 8, Softpedia – (International) Security flaw fixed in Malwarebytes antivirus. Malwarebytes Corporation released a patch for its Windows antivirus software after a researcher from COSIG research & pentesting team discovered a security vulnerability that can be exploited when a malformed executable with an invalid integer(-1) in the “SizeOfRawData” in UPX section is deconstructed by the Malwarebytes antivirus, enabling a memory corruption flaw that can expose the infected system to an arbitrary code attack. Malwarebytes stated there was no evidence to suggest the exploit was used in the wild. Source