We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

NewApp Digest
search bot

exploitable vulnerability

August 2024 Patch Tuesday: Updates and Analysis | CrowdStrike
Winsage
August 15, 2024

August 2024 Patch Tuesday: Updates and Analysis | CrowdStrike

Microsoft's August 2024 Patch Tuesday addressed 85 vulnerabilities, including six zero-day exploits. The vulnerabilities are categorized as CVE-2024-38213, CVE-2024-38193, CVE-2024-38189, CVE-2024-38178, CVE-2024-38107, and CVE-2024-38106. Six vulnerabilities are classified as Critical, while the remaining 79 are rated Important or Moderate. The predominant risk types include elevation of privilege (37%) and remote code execution (35%). Windows products received 43 patches, with 21 for the Extended Security Update (ESU) and 8 for Microsoft Office. Notable zero-day vulnerabilities include: - CVE-2024-38189 in Microsoft Project (CVSS 8.8) allows remote code execution. - CVE-2024-38193 in Windows Ancillary Function Driver for WinSock (CVSS 7.8) allows privilege escalation. - CVE-2024-38107 in Windows Power Dependency Coordinator (CVSS 7.8) allows privilege escalation. - CVE-2024-38178 in the Scripting Engine (CVSS 7.5) allows remote code execution. - CVE-2024-38106 in the Windows kernel (CVSS 7.0) allows privilege escalation. - CVE-2024-38213 in Windows Mark of the Web Security (CVSS 6.5) allows security warning bypass. Critical vulnerabilities include: - CVE-2024-38063 (CVSS 9.8) in Windows TCP/IP allows remote code execution. - CVE-2024-38140 (CVSS 9.8) in Windows Reliable Multicast Transport Driver allows remote code execution. - CVE-2024-38109 (CVSS 9.1) in Azure Health Bot allows privilege escalation. - CVE-2024-38159 and CVE-2024-38160 (both CVSS 9.1) in Windows Network Virtualization allow remote code execution. - CVE-2023-40547 (CVSS 8.8) impacts Secure Boot. Additional vulnerabilities with existing proof of concept include: - CVE-2024-38199 (CVSS 9.8) in Windows Line Printer Daemon allows remote code execution. - CVE-2024-38202 (CVSS 7.3) in Windows Update Stack allows privilege escalation. - CVE-2024-21302 (CVSS 6.7) in Windows Secure Kernel Mode allows privilege escalation.
Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App
AppWizard
August 15, 2024

Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App

A vulnerability has been identified in Google Pixel devices, linked to a software package called “Showcase.apk,” which has existed in every Android release for these devices since September 2017. This application, created by Smith Micro for Verizon, operates at the system level and has extensive privileges, including remote code execution and the ability to install software remotely. It downloads configuration files via an unencrypted HTTP connection, making it susceptible to exploitation. iVerify disclosed this vulnerability to Google in early May, but a fix has not yet been released. Google has stated that Showcase is no longer in use by Verizon and that an update to remove it from supported Pixel devices is forthcoming. There is currently no evidence of active exploitation, and the app is absent in the newly announced Pixel 9 series. However, concerns remain about the potential for exploitation, particularly if a remote activation method is discovered. iVerify also speculates that Showcase could be present in other Android devices, and Google is notifying other manufacturers about the issue.
Windows installer tagged with flaws that could elevate privileges
Winsage
July 18, 2024

Windows installer tagged with flaws that could elevate privileges

An unpatched vulnerability in Windows installer files allows attackers to elevate privileges and potentially take over vulnerable systems. The vulnerability stems from the way Windows handles permissions for installer files, allowing custom actions to bypass normal account protections and carry out malicious activities. The flaw was reported to Microsoft last year but was dismissed as not replicable on patched systems. The vulnerability requires local access to exploit, making it more difficult for threat actors to take advantage of.
Search