January 5, Softpedia – (International) Google patches Android for yet another RCE flaw in its Mediaserver component. Google released patches for 12 vulnerabilities, five of which were categorized as critical, for its Android operating system (OS), including a remote code execution (RCE) flaw in its Mediaserver component, which allowed attackers to craft malicious media files and send them via a multimedia messaging service (MMS) or stream them through a user’s browser. Other issues included an elevation of privilege vulnerability in the misc-sd driver and elevation of privilege vulnerabilities in TrustZone, among other flaws. Source
January 5, London Independent – (International) PSN down: PlayStation Network mostly back online following 12-hour outage. Sony Computer Entertainment reported that its PlayStation Network was back online following a 12-hour outage that affected almost all its systems including the PlayStation Store and online play, PlayStation Vita, PS3, and PlayStation 4. Some users continued to have issues following the outage. Source
January 4, Softpedia – (International) Cisco Jabber client flawed, exposes users to MitM attacks. Security researchers from Synacktiv discovered a serious security vulnerability affecting Cisco’s Jabber client for Windows versions 10.6.x, 11.0.x, and 11.1.x. The flaw allows attackers to expose a user’s private conversations and steal their login credentials via a simple Man-in-the-Middle (MitM) attack that downgrades STARTTLS settings and forces communications to take place in cleartext, tricking the desktop application into exposing sensitive information. Cisco released version 1.1 after discovering that Jabber versions 9.x, 10.6.x, 11.0.x, and 11.1.x for Apple’s iPhone and iPad and Jabber for Android were affected. Source
January 4, Softpedia – (International) Mozilla adds W^X security feature to Firefox. Mozilla reported that a new security feature, Write XOR Execute (W^X), was added to its web browser, Firefox, in an attempt to protect against basic buffer overflow flaws and memory corruption issues in its OpenBSD operating system (OS). W^X affects how the code executed inside the browser interacts with the operating system’s memory and does not allow a process to be writeable and executable simultaneously. Source