ZDNet: Adobe sends out second fix for critical Reader data leak vulnerability

ZDNet: Adobe sends out second fix for critical Reader data leak vulnerability. “Adobe has released a second patch to resolve a critical zero-day vulnerability in Adobe Reader after its original fix failed. The vulnerability, CVE-2019-7089, was patched in Adobe’s February 12 patch release. Buried among 42 other critical bugs, the security flaw was described as a sensitive data leak problem which can lead to information disclosure when exploited.”

Ars Technica: Microsoft patches zero-day vulnerabilities in IE and Exchange

Ars Technica: Microsoft patches zero-day vulnerabilities in IE and Exchange. “Microsoft’s Patch Tuesday this month had higher-than-usual stakes with fixes for a zero-day Internet Explorer vulnerability under active exploit and an Exchange Server flaw that was disclosed last month with proof-of-concept code.”

Mashable: FaceTime bug teenager is eligible for bug bounty payout

Mashable: FaceTime bug teenager is eligible for bug bounty payout. “The rather serious FaceTime bug widely reported about last week left Apple a little red-faced and one 14-year-old (and his mother) hoping Apple would give him some credit for discovering it. Now it looks like he’s going to get a big payout from Apple’s bug bounty program.”

ZDNet: Temporary fix available for one of the two Windows zero-days released in December

ZDNet: Temporary fix available for one of the two Windows zero-days released in December. “In December 2018, a security researcher going by the name of SandboxEscaper published details and proof-of-concept (PoC) demo code for two Windows zero-days. Today, cyber-security firm Acros Security published a temporary patch for the second zero-day, a patch that protects Windows systems against any exploitation attempts.”

Make Tech Easier: Tool That Can Mass-Hijack Google Chromecast Was Uploaded to Github

Make Tech Easier: Tool That Can Mass-Hijack Google Chromecast Was Uploaded to Github. “You might not agree with this method, but the goal was to show people that they need to not leave their Google Chromecast devices connected to the Internet when not in use. The Crashcast tool was published on Github as a warning to Chromecast owners. It’s the same vulnerability that hackers used to take over Chromecast devices and broadcast a PewDiePie message.”

ZDNet: Microsoft releases security update for new IE zero-day

ZDNet: Microsoft releases security update for new IE zero-day. “Microsoft has released an out-of-band security update today, December 19, for an Internet Explorer vulnerability that is currently being abused in the wild. The OS maker credited Clement Lecigne of Google’s Threat Analysis Group with discovering and reporting the IE zero-day.”

The Register: Adobe Flash zero-day exploit… leveraging ActiveX… embedded in Office Doc… BINGO!

The Register: Adobe Flash zero-day exploit… leveraging ActiveX… embedded in Office Doc… BINGO! “Stop us if you’ve heard this one before: An Adobe Flash zero-day vulnerability is being actively targeted in the wild to hijack victims’ Windows PCs. Researchers with Gigamon Applied Threat Research (ATR) and Qihoo 360 uncovered a phishing campaign that exploits CVE-2018-15982, prompting Adobe to today release an out-of-band emergency update to patch up the flaw.”