Zero-Day - Geek Feed

Windows Update downgrade attack “unpatches” fully-updated systems

August 7, 2024August 8, 2024 geekfeed0Tagged Downdate, Downgrade Attack, windows, windows 10, windows 11, windows server, Windows Server 2019, Windows Server 2022, windows update, Zero-Day

SafeBreach security researcher Alon Leviev revealed at Black Hat 2024 that two zero-days could be exploited in downgrade attacks to “unpatch” fully updated Windows 10, Windows 11, and Windows Server systems and reintroduce old vulnerabilities. Microsoft issued advisories on the two unpatched zero-days (tracked as CVE-2024-38202 and CVE-2024-21302) in coordination with the Black Hat talk, […]

3 mins read

Google fixes Android kernel zero-day exploited in targeted attacks

August 6, 2024August 6, 2024 geekfeed0Tagged android, google, Kernel, Zero-Day

Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) exploited in targeted attacks. The zero-day, tracked as CVE-2024-36971, is a use after free (UAF) weakness in the Linux kernel’s network route management. It requires System execution privileges for successful exploitation and allows altering the behavior of certain network connections. Google says that “there […]

2 mins read

WhatsApp for Windows lets Python, PHP scripts execute with no warning

July 28, 2024August 8, 2024 geekfeed0Tagged 0-day, Attachments, Python, Remote Code Execution, WhatsApp, Zero-Day

A security issue in the latest version of WhatsApp for Windows allows sending Python and PHP attachments that are executed without any warning when the recipient opens them. For the attack to be successful, Python needs to be installed, a prerequisite that may limit the targets to software developers, researchers, and power users. The problem […]

5 mins read