fix Archives

AppWizard

July 9, 2025

TapTrap Android Exploit Allows Malicious Apps to Bypass Permissions

A new Android vulnerability named TapTrap allows malicious applications to bypass the operating system's permission system without requiring special permissions. It exploits activity transition animations to mislead users into granting sensitive permissions or executing harmful actions. Researchers from TU Wien analyzed 99,705 applications on the Google Play Store and found that 76.3% are susceptible to this attack. TapTrap uses low-opacity animations (approximately 0.01 alpha) to make sensitive permission dialogs nearly invisible while still registering touch events. The attack can last up to six seconds and can lead to unauthorized access to critical functionalities like the camera and microphone, and even device administrator privileges. TapTrap bypasses existing defenses against tapjacking in Android, affecting popular web browsers as well. A user study showed that all participants failed to detect at least one variant of the attack. As of June 2025, Android 15 remains vulnerable, with no timeline for a comprehensive fix. The vulnerability has been assigned two CVEs, and researchers disclosed their findings to Google in October 2024. They propose solutions to mitigate the risks, including blocking touch events during low-opacity animations and setting an opacity threshold of 0.2.

AppWizard

July 9, 2025

I want to use YouTube Music for podcasts, but it keeps letting me down

Edgar Cervantes shared his experience with YouTube Music's podcast functionality, highlighting frustrations with its navigation and organization, which detracts from the user experience. He noted that YouTube Music prioritizes music and video content, making it difficult to locate podcasts, with subscriptions buried in the Library tab. The app defaults to video for podcasts, requiring users to switch to audio mode manually. Despite these issues, there is potential for improvement, and users like Cervantes continue to use the app due to its music streaming capabilities. To enhance its podcast experience, Google needs to implement a dedicated podcast tab, improve navigation, remember playback positions, and enhance search functionalities. Until these improvements are made, users may prefer dedicated podcast apps like Pocket Casts for a better experience.

AppWizard

July 9, 2025

Researchers Warn: This Android Animation Glitch Lets Apps Spy, Snap, and Steal… Undetected

A technique for Android devices called TapTrap allows malicious applications to intercept user taps without requiring special permissions. It uses transparent screen transitions to mislead users into triggering hidden actions. Devices running Android versions 15 and 16 are particularly vulnerable. TapTrap operates by overlaying a nearly transparent screen on top of another application, making it appear as if users are interacting with one app while their taps are registered by the hidden screen. A study of around 100,000 Android applications revealed that approximately 76 percent contained screens vulnerable to TapTrap. The researchers successfully executed the attack on a Google Pixel 8a running Android 16. Google has acknowledged the issue and plans to include a fix in a future software update, but no specific timeline has been provided. Users can enhance their security by disabling animations in their system settings.

Winsage

July 9, 2025

Businesses warned about looming software deadline that could risk cyber attacks

Calne-based Black Nova Designs has warned that Microsoft will cease support for Windows 10 in three months, which will leave millions of users without security updates or technical assistance, increasing their vulnerability to cyber threats. Managing director Kyle Holmes noted the lack of awareness about this change and emphasized the risks involved. The company recommends six IT tips for businesses: 1. Upgrade from Windows 10 promptly, especially for machines older than 2018. 2. Regularly back up data and maintain robust antivirus protection, with services starting at £60+VAT per month. 3. Strengthen passwords to mitigate vulnerabilities. 4. Verify that correct Microsoft licenses are being used to avoid potential fines. 5. Ensure proper ownership and access to website domains. 6. Seek Cyber Essentials certification to demonstrate adherence to cybersecurity best practices. Black Nova Designs supports over 1,000 clients across the UK, focusing on cybersecurity and proactive IT management.

Winsage

July 9, 2025

Windows Restrictions Fixer 2.0 restores disabled features with ease

Windows Restrictions Fixer is a lightweight tool designed to help users re-enable disabled features in Windows operating systems. It simplifies the process of identifying and fixing restrictions caused by administrative policies or third-party applications, requiring no technical expertise. The application features a minimalist interface with a single "Scan" button that detects active restrictions and provides a list with registry keys and descriptions. Users can select issues to resolve and click the "Fix Restrictions" button for automatic adjustments. Some changes may require a system restart to take effect. The latest version, 2.0, offers a redesigned interface, improved organization, and broader detection of restrictions. The app is available for free download from Softpedia.

Winsage

July 9, 2025

Zero Day Initiative — The July 2025 Security Update Review

In July 2025, Adobe released 13 bulletins addressing 60 unique CVEs across various applications, including ColdFusion, After Effects, and Illustrator. ColdFusion received a Priority 1 patch for 13 CVEs, five of which are Critical. FrameMaker's patch fixed 15 CVEs, including 13 Critical vulnerabilities. Illustrator's update addressed 10 bugs, with the most severe enabling code execution. Other applications like InCopy and InDesign also had Critical vulnerabilities fixed. Microsoft released 130 new CVEs across its products, with 10 rated Critical. Notable vulnerabilities include CVE-2025-47981, a heap-based buffer overflow in Windows SPNEGO, and CVE-2025-49717 affecting Microsoft SQL Server. CVE-2025-49704 allows code injection in SharePoint, while CVE-2025-49695 highlights an attack vector in Microsoft Office's Preview Pane.

Winsage

July 8, 2025

Microsoft Deprecates PowerShell 2.0 in Windows 11 Over Security Flaws

Microsoft has rolled out Windows 11 Insider Preview Build 27891 to the Canary Channel, which includes the removal of Windows PowerShell 2.0. The update features several critical system fixes, including: - Correction of the “Reset this PC” feature under Settings > System > Recovery. - Resolution of an issue affecting the taskbar's acrylic material effect. - Fix for Windows Update downloads that stalled at 2%. - Correction of character rendering problems for languages like Vietnamese and Arabic. Enhancements in File Explorer include a dropdown menu in the address bar that shows the complete folder path. Stability improvements in Settings aim to prevent crashes when accessing microphone properties or Bluetooth settings, although a new known issue may cause crashes in Settings > System > Power & Battery. Task Manager now features updated CPU utility calculations. The Microsoft Store has been updated to allow users to install apps and games directly from the top featured sections. Known issues include potential loss of Windows Hello PIN on Copilot+ PCs, graphical distortion for Remote Desktop users on Arm64 PCs, and incomplete localization of some features. Transitioning out of the Canary Channel requires a clean installation of Windows 11.

Winsage

July 7, 2025

Oh dear – Microsoft Windows Firewall was found to be complaining about…Microsoft code?

Microsoft has acknowledged an issue with Windows Firewall following the June 2025 preview update of Windows 11 24H2 (KB5060829, OS Build 26100.4484). Users may encounter an error event labeled 'Config Read Failed' with the message 'More data is available' each time they restart their device. Microsoft assures that this does not indicate a malfunction within Windows Firewall and can be disregarded. The issue is linked to a feature under development, and no timeline for a fix has been provided. Additionally, there is another issue affecting the display of Chinese, Japanese, and Korean characters at 96 DPI in Chromium-based browsers, which Microsoft is working on with Google.

AppWizard

July 7, 2025

Minecraft Bedrock 1.21.93 Hotfix Adds Chicken Jockey Music Disc and Key Fixes

Minecraft Bedrock has released version 1.21.93, introducing a new music disc titled Chicken Jockey, inspired by A Minecraft Movie. The update includes several bug fixes and improvements: - Resolved a bug with disappearing packs in world templates. - Enhanced split-screen access for older worlds on PlayStation and Nintendo Switch. - Upgraded graphics for torches and lanterns in the Vibrant Visuals setting, and adjusted bright text on signs to reduce excessive shine. - Fixed lag issues caused by a Happy Ghast being leashed too close to the ground. - Improved camera movement for mobile players using touch controls. To acquire the Chicken Jockey music disc, players must defeat a Chicken Jockey, which consists of a baby Zombie riding a Chicken, after which the disc will drop for use in a jukebox.

AppWizard

July 6, 2025

‘There are no plans to drop support for SteamOS’: The Finals devs commit to Steam Deck and Linux players despite new kernel-level anti-cheat

Embark Studios announced updates for their game, The Finals, focusing on enhanced security measures against cheating through the introduction of kernel-level anti-cheat technology in the 7.3 patch. This technology aims to combat cheats that use kernel-drivers to manipulate game memory. The developers confirmed their commitment to supporting players on Steam Deck and Linux platforms, stating there are no plans to drop support for SteamOS/Proton/Wine and/or SteamDeck. They have been collaborating with CodeWeavers since Season 5 to ensure quality assurance for each release. Players are encouraged to report any issues they encounter. The interest in SteamOS and other Linux distributions is rising as Windows 10 approaches its end of life. The Finals is currently in its seventh season since its launch in 2023.