πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Developers Need More Usable Static Code Scanners to Head Off Security Bugs πŸ•΄

As companies "shift left" -- pushing more responsibility for security onto developers -- the tools that are available are falling short, usability researchers say.

πŸ“– Read

via "Dark Reading: ".
Dark Reading
Developers Need More Usable Static Code Scanners to Head Off Security Bugs
As companies shift left -- pushing more responsibility for security onto developers -- the tools that are available are falling short, usability researchers say.
130 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Microsoft Patches 120 Vulnerabilities, Two Zero-Days πŸ•΄

The August 2020 Patch Tuesday marks the sixth month in a row Microsoft released patches for more than 110 vulnerabilities.

πŸ“– Read

via "Dark Reading: ".
Darkreading
Microsoft Patches 120 Vulnerabilities, Two Zero-Days
The August 2020 Patch Tuesday marks the sixth month in a row Microsoft released patches for more than 110 vulnerabilities.
131 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Two 0-Days Under Active Attack, Among 120 Bugs Patched by Microsoft ❌

One of the two zero-day bugs is rated β€˜critical’ and is classified as a remote code-execution bug impacting Microsoft’s Internet Explorer.

πŸ“– Read

via "Threatpost".
Threat Post
Two 0-Days Under Active Attack, Among 120 Bugs Patched by Microsoft
One of the two zero-day bugs is rated β€˜critical’ and is classified as a remote code-execution bug impacting Microsoft’s Internet Explorer.
129 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2020-0260

There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152225183

πŸ“– Read

via "National Vulnerability Database".
118 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2020-0259

In android_verity_ctr of dm-android-verity.c, there is a possible way to modify a dm-verity protected filesystem due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157941353References: N/A

πŸ“– Read

via "National Vulnerability Database".
115 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2020-0258

In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. This could lead to local information disclosure in the application that is started next with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-157598956

πŸ“– Read

via "National Vulnerability Database".
106 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2020-0257

In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a permissions bypass due to an incomplete cleanup. This could lead to local escalation of privilege in isolated processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-156741968

πŸ“– Read

via "National Vulnerability Database".
104 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2020-0256

In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-152874864

πŸ“– Read

via "National Vulnerability Database".
98 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2020-0254

There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647751

πŸ“– Read

via "National Vulnerability Database".
99 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2020-0253

There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152647365

πŸ“– Read

via "National Vulnerability Database".
96 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2020-0252

There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152236803

πŸ“– Read

via "National Vulnerability Database".
95 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2020-0251

There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647626

πŸ“– Read

via "National Vulnerability Database".
94 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2020-0250

In requestCellInfoUpdateInternal of PhoneInterfaceManager.java, there is a missing permission check. This could lead to local information disclosure of location data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-154934934

πŸ“– Read

via "National Vulnerability Database".
93 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2020-0249

In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-154719656

πŸ“– Read

via "National Vulnerability Database".
93 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2020-0248

In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-154627439

πŸ“– Read

via "National Vulnerability Database".
92 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2020-0247

In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1Android ID: A-156087409

πŸ“– Read

via "National Vulnerability Database".
91 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2020-0243

In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-8.0 Android-8.1Android ID: A-151644303

πŸ“– Read

via "National Vulnerability Database".
95 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2020-0242

In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151643722

πŸ“– Read

via "National Vulnerability Database".
98 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2020-0241

In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151456667

πŸ“– Read

via "National Vulnerability Database".
101 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2020-0240

In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150706594

πŸ“– Read

via "National Vulnerability Database".
108 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2020-0239

In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. This could lead to local information disclosure from a file (eg. a photo) containing location metadata with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-151095863

πŸ“– Read

via "National Vulnerability Database".
114 views