Will hackers take advantage of the already eliminated zero-day vulnerability in attacks?
Mozilla released security updates to address a critical zero-day vulnerability in Firefox and Thunderbird that was heavily exploited in real-world environments, a day after Google released a fix for the issue in the Chrome browser.
The heap buffer overflow vulnerability CVE-2023-4863 can lead to arbitrary code execution when opening a specially created malicious WebP image. The flaw may allow a remote attacker to write out of memory via the generated HTML page.
The security issue was reported by Apple Security Engineering and Architecture (SEAR) and Citizen Lab at the Munch School at the University of Toronto. The issue was resolved in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2.
The U.S. Cybersecurity and Infrastructure Protection Agency (CISA) recently added the critical vulnerability CVE-2023-33246 (CVSS: 9.8) affecting Apache RocketMQ to its catalog of known exploited vulnerabilities. Attackers can use the vulnerability to execute arbitrary commands on behalf of users of the system running RocketMQ. A hacker can cause an error by using the configuration update function or by tampering with the contents of the RocketMQ protocol.
Also in early September, Reddit published information about the discovery of a serious security vulnerability in the AtlasVPN client for the Linux operating system. A cybersecurity researcher, who wished to remain anonymous, published a working PoC exploit and demonstrated to the public how attackers can place the exploit code on their malicious site and gain access to the real IP address of any user of the Linux version of the VPN client.
Mozilla released security updates to address a critical zero-day vulnerability in Firefox and Thunderbird that was heavily exploited in real-world environments, a day after Google released a fix for the issue in the Chrome browser.
The heap buffer overflow vulnerability CVE-2023-4863 can lead to arbitrary code execution when opening a specially created malicious WebP image. The flaw may allow a remote attacker to write out of memory via the generated HTML page.
The security issue was reported by Apple Security Engineering and Architecture (SEAR) and Citizen Lab at the Munch School at the University of Toronto. The issue was resolved in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2.
The U.S. Cybersecurity and Infrastructure Protection Agency (CISA) recently added the critical vulnerability CVE-2023-33246 (CVSS: 9.8) affecting Apache RocketMQ to its catalog of known exploited vulnerabilities. Attackers can use the vulnerability to execute arbitrary commands on behalf of users of the system running RocketMQ. A hacker can cause an error by using the configuration update function or by tampering with the contents of the RocketMQ protocol.
Also in early September, Reddit published information about the discovery of a serious security vulnerability in the AtlasVPN client for the Linux operating system. A cybersecurity researcher, who wished to remain anonymous, published a working PoC exploit and demonstrated to the public how attackers can place the exploit code on their malicious site and gain access to the real IP address of any user of the Linux version of the VPN client.
