iOS 11 Update includes Patches for Eight Vulnerabilities
Apple released a number of patches, including a security update for iOS 11, which is available today. Source: www.threatpost.com
Mobile Security
Attackers Use Undocumented MS Office Feature to Leak System Profile Data
An undocumented Microsoft Office feature allows for spying via specially crafted Word documents—no macros, exploits or any other active content needed. Source: www.threatpost.com
Premium SMS Malware ‘ExpensiveWall’ Infects Millions of Android Devices
Google has ejected 50 apps from its Google Play store that were harboring mobile malware dubbed ExpensiveWall. Source: www.threatpost.com
Microsoft Patches .NET Zero Day Vulnerability in September Update
Microsoft fixes 25 critical vulnerabilities including one zero day under attack and one tied to the high-profile BlueBorne attack vector. Source: https://threatpost.com
Wireless ‘BlueBorne’ Attacks Target Billions of Bluetooth Devices
Bluetooth attack vector, dubbed ‘BlueBorne’, leaves billions of smart Bluetooth devices open to attack including Android and Apple phones and millions more Linux-based smart devices. Source: www.threatpost.com
Android Users Vulnerable to ‘High-Severity’ Overlay Attacks
Android phones not running the latest Oreo OS are vulnerable to a high-severity “toast” overlay attack. Source: www.threatpost.com
Tor Project Brings Security Slider Feature to Android App Orfox
Tor Project developers recently bolstered Orfox, a Tor Browser for Android devices, to help privacy-conscious mobile browsers better customize their security. Source: www.threatpost.com
Multiple Vulnerabilities Found in NVIDIA, Qualcomm, Huawei Bootloaders
Researchers find six previously unknown memory corruption and unlock-bypass vulnerabilities in major chipset vendors’ firmware code. Source: www.threatpost.com
13 Critical Remote Code Execution Bugs Fixed in September Android Update
Google fixed 81 vulnerabilities, including 13 critical remote code execution bugs, in the September edition of its Android Security Bulletin on Tuesday. Source: www.threatpost.com
WireX Variant Capable of UDP Flood Attacks
F5 Labs has detected a WireX variant capable of launching UDP flood DDoS attacks. Source: www.threatpost.com