Microsoft released 14 security bulletins today, six rated critical. Among the fixes is a patch for a Windows kernel zero-day vulnerability disclosed by Google that was being used in attacks by the Sofacy APT gang.
Tag Archives: disclosure
Broken IBM Java Patch Prompts Another Disclosure
Current versions of IBM SDK 7 and SDK 8 remain vulnerable to a 2013 Java vulnerability. Security Explorations discovered the original patch is broken and disclosed details on the flaw and a proof-of-concept exploit.
Google Adds Grace Period to Disclosure Policy
Google announced that it is adding a 14-day grace period to its 90-day vulnerability disclosure deadline, available when the affected vendor says it will have a patch ready within the extension.
GitHub Doubles Down on Maximum Bug Bounty Payouts
GitHub announced that it has doubled the maximum payouts possible via its bug bounty program to $10,000.
Unpatched Apple Vulnerabilities Latest Google Project Zero Disclosures
Three unpatched Apple OS X vulnerabilities were disclosed by Google’s Project Zero research team. Project Zero discloses if a bug is not patched within 90 days of reporting it to the affected vendor.
Round 2: Google Deadline Closes on Pair of Microsoft Vulnerabilities
Google Project Zero has disclosed a pair of unpatched Windows vulnerabilities after the expiration of its 90-day deadline. Microsoft said it will patch one bug in February, and both sides agree the second does not merit a security bulletin.
Google Engineers Critical of Aviator Browser Security
Google security engineers have criticized the security and privacy of WhiteHat Security’s Aviator browser, after finding a remote code execution vulnerability within hours of Aviator’s release as open source.