The Register: Apple patches ‘actively exploited’ iPhone zero-day with iOS 15.0.2 update

The Register: Apple patches ‘actively exploited’ iPhone zero-day with iOS 15.0.2 update. “Described as a ‘memory corruption issue’ by Apple, the vuln is present within the IOMobileFrameBuffer kernel extension, used for managing display memory. Malicious applications are said to be capable of triggering an integer overflow in the framebuffer, permitting execution of arbitrary code with kernel privileges.”

MIT Technology Review: 2021 has broken the record for zero-day hacking attacks

MIT Technology Review: 2021 has broken the record for zero-day hacking attacks. “A zero-day exploit—a way to launch a cyberattack via a previously unknown vulnerability—is just about the most valuable thing a hacker can possess. These exploits can carry price tags north of $1 million on the open market. And this year, cybersecurity defenders have caught the highest number ever, according to multiple databases, researchers, and cybersecurity companies who spoke to MIT Technology Review.”

SecurityWeek: OpenOffice Vulnerability Exposes Users to Code Execution Attacks

SecurityWeek: OpenOffice Vulnerability Exposes Users to Code Execution Attacks. “A buffer overflow vulnerability in Apache OpenOffice could be exploited to execute arbitrary code on target machines using malicious documents. Tracked as CVE-2021-33035 and discovered by security researcher Eugene Lim, the bug affects OpenOffice versions up to 4.1.10, with patches deployed in the 4.1.11 beta only, meaning that most installations out there are likely vulnerable.”

ZDNet: Google patches two Chrome zero-days

ZDNet: Google patches two Chrome zero-days. “Google announced fixes for 11 different bugs in Chrome on Monday, including two zero-days currently being exploited in the wild. Google listed all 11 of the fixes as well as the researchers who discovered them and the bounties handed out. But the two that caused the most stir were CVE-2021-30632 and CVE-2021-30633.”

Mashable: Apple just released a security update for your iPhone. Download it now.

Mashable: Apple just released a security update for your iPhone. Download it now.. “According to the tech giant, researchers uncovered multiple vulnerabilities in the software powering iPhones and iPads. And, much to everyone’s consternation, Apple’s also seen evidence that those vulnerabilities ‘may have been actively exploited.’ In other words, hackers — whether they be criminal or government-affiliated — might be using these security holes for their own purposes. “