Ars Technica: Firefox gets patch for critical zeroday that’s being actively exploited

Ars Technica: Firefox gets patch for critical zeroday that’s being actively exploited. “Mozilla has released a new version of Firefox that fixes an actively exploited zeroday that could allow attackers to take control of users’ computers. In an advisory, Mozilla rated the vulnerability critical and said it was ‘aware of targeted attacks in the wild abusing this flaw.’”

BetaNews: Google pushes out urgent Chrome update to patch actively exploited zero-day vulnerabilities

BetaNews: Google pushes out urgent Chrome update to patch actively exploited zero-day vulnerabilities. “The Chrome security team says that both vulnerabilities are use-after-free security issues which can be used to exploit arbitrary code. One vulnerability exists in an audio component of the browser, while the other can be found in the PDFium library. The Windows, macOS and Linux versions of Chrome are all affected.”

Ars Technica: Attackers exploit 0-day vulnerability that gives full control of Android phones

Ars Technica: Attackers exploit 0-day vulnerability that gives full control of Android phones. “Attackers are exploiting a zero-day vulnerability in Google’s Android mobile operating system that can give them full control of at least 18 different phone models, including four different Pixel models, a member of Google’s Project Zero research group said on Thursday night.”

Bleeping Computer: New Zero-Day Exploit for Bug in Windows 10 Task Scheduler

Bleeping Computer: New Zero-Day Exploit for Bug in Windows 10 Task Scheduler. “Exploit developer SandboxEscaper has quietly dropped a new zero-day exploit for the Windows operating system just a week after Microsoft’s monthly cycle of security updates. This exploit is the fifth in a string that started in late August last year. It achieves local privilege escalation, granting a limited user full control over files reserved for full-privilege users like SYSTEM and TrustedInstaller.”

Threatpost: Microsoft Patches Zero-Day Bug Under Active Attack

Threatpost: Microsoft Patches Zero-Day Bug Under Active Attack. “Among the other critical bugs patched, system administrators are urged to immediately deploy fixes for a Remote Desktop Services remote code-execution vulnerability (CVE-2019-0708). The bug is notable for a number of reasons. One, it’s a ‘wormable’ flaw and has the potential to be exploited in a fast-moving malware attack similar to WannaCry. As a testament to its potential for havoc, Microsoft has also gone the extra step in deploying patches to Windows XP and Windows 2003 for the bug, neither of which is still supported via monthly Patch Tuesday updates.”

Digital Trends: Internet Explorer zero-day exploit makes files vulnerable to hacks on Windows PCs

Digital Trends: Internet Explorer zero-day exploit makes files vulnerable to hacks on Windows PCs. “There were already a number of reasons to not use Internet Explorer. But if you needed another one, here it is. According to ZDNet, a security researcher named John Page has published evidence of an Internet Explorer zero-day exploit that renders Windows PCs vulnerable to having their files stolen by hackers.”

Ars Technica: A security researcher with a grudge is dropping Web 0days on innocent users

Ars Technica: A security researcher with a grudge is dropping Web 0days on innocent users. “Over the past three weeks, a trio of critical zeroday vulnerabilities in WordPress plugins has exposed 160,000 websites to attacks that allow criminal hackers to redirect unwitting visitors to malicious destinations. A self-proclaimed security provider who publicly disclosed the flaws before patches were available played a key role in the debacle, although delays by plugin developers and site administrators in publishing and installing patches have also contributed.”