Firefox Zero-Day Flaws Exploited in the Wild Get Patched
Mozilla Foundation rushes patches to fix bugs in its browser that could allow for remote code execution.
Vulnerabilities
Google Squashes High-Severity Flaws in Chrome Browser
Google is rolling out the newest Chrome browser version, 80.0.3987.162, in the coming days.
Zoom Removes Data-Mining LinkedIn Feature
The feature, criticized for “undisclosed data-mining,” is only the latest privacy faux pas for Zoom this month.
A second vulnerability could be used to prevent access to almost all of a site’s existing content, by simply redirecting visitors.
The zero-day Zoom flaws could give local, unprivileged attackers root privileges, and allow them to access victims’ microphone and camera.
Phishing and zero-days continue to be a core part of the APT arsenal.
The vulnerability can be exploited to reveal limited traffic data including a device’s IP address.
CVE-2020-10245, a heap-based buffer overflow that rates 10 out of 10 in severity, exists in the CODESYS web server and takes little skill to exploit.
The malware, the work of a new APT called TwoSail Junk, allows deep surveillance and total control over iOS devices.
