HackDig : Dig high-quality web security articles for hackers

No password required! “Sign in with Apple” account takeover flaw patched

byPaul DucklinA security reseacher from Delhi in India is a tidy $100,000 richer thanks to a bug bounty payout from Apple for an account takeover flaw that he discovered in the Sign in with Apple system.Bhavuk Jain, a serial bug bounty hunter, has described how he found the sort of bug that leaves you thinking, “It can’t have been that simple!
Publish At:2020-06-01 11:53 | Read:350 | Comments:0 | Tags:Apple Vulnerability responsible disclosure security bypass s

Patched Windows Kernel-Mode Driver Flaw Exploitable With One Bit Change

The vulnerabilities addressed in this month’s Patch Tuesday security bulletins from Microsoft have been a mashup of critical bugs affecting most supported versions of Windows and Internet Explorer that could pave the way for attackers to gain complete control of affected systems.Sounds like most months, for sure.But what sets this month apart is the re
Publish At:2015-02-12 23:40 | Read:3825 | Comments:0 | Tags:Microsoft Vulnerabilities Web Security CVE-2015-0057 enSilo

Monster IE Update Top Patch Tuesday Priority

Microsoft’s first foray into patching Internet Explorer in 2015 is still short one zero day fix.Today’s Patch Tuesday security bulletins included a monster IE rollup taking care of 41 vulnerabilities in the browser, and another bulletin patching a Windows zero day publicly disclosed by Google’s Project Zero research team. Missing, however,
Publish At:2015-02-11 00:40 | Read:2858 | Comments:0 | Tags:Microsoft Vulnerabilities Web Security elevation of privileg

Round 2: Google Deadline Closes on Pair of Microsoft Vulnerabilities

Two more unpatched Windows vulnerabilities on Thursday crossed into the public domain after the expiration of Google Project Zero’s self-imposed 90-day waiting period before disclosing bug details.Microsoft will patch only one of the vulnerabilities—in the upcoming February Patch Tuesday security bulletin release—while both sides agree the second flaw
Publish At:2015-01-16 19:25 | Read:2965 | Comments:0 | Tags:Microsoft Vulnerabilities Web Security Chris Betz coordinate

Microsoft Patches Vulnerability Under Attack and Google-Disclosed Zero Day

For the first time in more than a decade, the majority of Windows IT shops walked blindly into Patch Tuesday.After announcing last week that it would no longer provide its Advanced Notification Service of upcoming security bulletins to the public, Microsoft today ladeled eight bulletins upon admins’ plates, including a patch for a vulnerability publicl
Publish At:2015-01-13 17:45 | Read:3348 | Comments:0 | Tags:Microsoft Vulnerabilities directory traversal elevation of p

Mozilla fixes "phishing friendly" cryptographic bug in Firefox and Thunderbird

Here's a quick note about an important issue!Mozilla just patched a bug in its cryptographic library, NSS.NSS stands for Network Security Services, used by Mozilla products such as Firefox (web browsing), Thunderbird (email) and SeaMonkey (both).All these products have now been patched, including the Firefox Extended Support Release (ESR) versions.→ As
Publish At:2014-09-25 06:20 | Read:3602 | Comments:0 | Tags:Data loss Featured Firefox Vulnerability digital signature h

Tools

Tag Cloud