![]() ![]() This weakness is not specific to Windows but instead exists within the HTTP/2 protocol used by the World Wide Web: Attackers have figured out how to use a feature of HTTP/2 to massively increase the size of distributed denial-of-service (DDoS) attacks, and these monster attacks reportedly have been going on for several weeks now.Īmazon, Cloudflare and Google all released advisories today about how they’re addressing CVE-2023-44487 in their cloud environments. For anyone keeping count, this is the 17th zero-day flaw that Apple has patched so far this year.įortunately, the zero-days affecting Microsoft customers this month are somewhat less severe than usual, with the exception of CVE-2023-44487. However, as Bleeping Computer pointed out, this flaw is caused by a weakness in the open-source “ libvpx” video codec library, which was previously patched as a zero-day flaw by Google in the Chrome browser and by Microsoft in Edge, Teams, and Skype products. The patch fixes CVE-2023-42724, which attackers have been using in targeted attacks to elevate their access on a local device.Īpple said it also patched CVE-2023-5217, which is not listed as a zero-day bug. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS.Īpple last week shipped emergency updates in iOS 17.0.3 and iPadOS 17.0.3 in response to active attacks. ![]() Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |