Showing 4 results for: May 2018 ×

Breakdown of the EFAIL Email Vulnerabilities

hullabaloo [huhl-uh-buh-loo], noun, plural hullabaloos. a clamorous noise or disturbance; uproar. Recently there has been a hullabaloo about a vulnerability called EFAIL, that, as is the fashion these days, came with its own website, and logo, here. EFAIL generated intense...

CVE-2018-8174 and Forcing Internet Explorer Exploits

A zero day exploit was discovered targeting trade agencies and other related organizations in China toward the end of April. The vulnerability is a Use-After-Free (UAF) memory corruption bug in the Microsoft VBScript engine. By taking advantage of the vulnerability,...

CVE-2018-1000136 - Electron nodeIntegration Bypass

A few weeks ago, I came across a vulnerability that affected all current versions of Electron at the time (< 1.7.13, < 1.8.4, and < 2.0.0-beta.3). The vulnerability allowed nodeIntegration to be re-enabled, leading to the potential for remote code execution. If you're unfamiliar with Electron, it is a popular framework that allows you to create cross-platform desktop applications using HTML, CSS, and JavaScript.

Patch Tuesday, May 2018

May's Patch Tuesday is here and it looks like these monthly releases have plateaued at around 70 CVEs patched per month. May comes in with 68 CVEs total including 21 rated "Critical", 44 rated "Important", and three rated "Low". Among...