Monthly Archives: July 2019


Windows Actively Exploited Privilege-Escalation Bugs

The software giant recently released important-level patches for two privilege-escalation vulnerabilities, in Win32k and splwow64, that are being actively exploited in the wild. Qualys said that the patches, though labeled as important, should be deployed quickly because the bugs could be chained with other vulnerabilities to give the hacker complete system access. In other words, once attackers have elevated their privilege level, they could exploit another vulnerability to execute code such as ransomware.

The Win32k flaw (CVE-2019-1132) affects Windows 7, Server 2008 and Server 2008 R2.

“While an attacker would have to gain log on access to the system to execute the exploit, the vulnerability if exploited would allow the attacker to take full control of the system,” said Chris Goettl, director of product management for security at Ivanti, via email.

Meanwhile, the bug in splwow64 (CVE-2019-0880), which is the print driver …


Mac Users Affected by Zero-Day Webcam Hijacking

The Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 4 million workers who use the Zoom for Mac web- and videoconferencing service.

According to researcher Jonathan Leitschuh (who noted that Mac users make up about 10 percent of Zoom’s customer base of 4+ million), an outside adversary would need only to convince a user to visit a malicious website with a specially crafted iFrame embedded, which would automatically launch a Mac user into a Zoom web conference while turning on their camera.

“I was very easily able to spot and describe bypasses in their planned fix,” Leitschuh said. “Ultimately, Zoom failed at quickly confirming that the reported vulnerability actually existed and they failed at having a fix to the issue delivered to customers in a timely manner. An organization of this profile and with such
