Neowin News Feed for: Flaw

Microsoft releases emergency out-of-band .NET update to patch severe bug

Usama Jawad — Wed, 22 Apr 2026 00:14:01 +0000

A serious flaw in recent .NET builds has forced an urgent patch, with Microsoft warning impacted apps could grant attackers SYSTEM privileges. Read more...

WhatsApp just fixed a nightmare hack for iPhones and Macs

Usama Jawad — Fri, 29 Aug 2025 19:16:01 +0000

WhatsApp has recently fixed a rather dangerous vulnerability in iOS and macOS that was allowing hackers to steal data without any interaction from the user. Read more...

Google Project Zero exposes security flaw in libxslt library used in GNOME applications

Usama Jawad — Tue, 05 Aug 2025 13:36:01 +0000

Google's Project Zero team has publicly disclosed a UAF flaw in the popular libxslt library following GNOME's inability to fix it within 90 days of private reporting. Read more...

GitHub abused to host malware and create download links seemingly affiliated with Microsoft

Martin Hodás — Mon, 22 Apr 2024 13:50:01 +0000

File upload logic in GitHub's comments allows hackers to host malware on the service and abuse trusted developers and companies, such as Microsoft, to create legitimate-looking URLs. Read more...

Google discloses CentOS Linux kernel vulnerabilities following failure to issue timely fixes

Usama Jawad — Thu, 23 Mar 2023 11:18:01 +0000

Google's Project Zero security team has publicly disclosed multiple flaws in certain Linux kernels and distros following Red Hat's inability to fix them within the 90-day deadline assigned by Google. Read more...

Google announces new Vulnerability Reward Program specifically for open source software

Usama Jawad — Tue, 30 Aug 2022 11:00:02 +0000

Google has revealed an expansion to its Vulnerability Reward Program (VRP). It is designed to encourage privately reporting security flaws in open source software in exchange for monetary rewards. Read more...

June Patch Tuesday: Microsoft fixes Follina vulnerability but not DogWalk

Usama Jawad — Wed, 15 Jun 2022 09:16:02 +0000

Microsoft's latest Patch Tuesday updates - released yesterday - fix a lot of recently publicized security issues like Follina, however, DogWalk remains unpatched as Microsoft continues to downplay it. Read more...

Atlassian: There is a critical RCE flaw in Confluence, block internet access ASAP [Update]

Usama Jawad — Fri, 03 Jun 2022 08:58:01 +0000

Some IT admins may be in for a scare this weekend as Atlassian has warned of a critical RCE flaw affecting all Confluence Server and Data Center versions. Internet access should be restricted ASAP. Read more...

Protocol vulnerability allows launching malicious Windows Search by just opening Word file

Taras Buria — Thu, 02 Jun 2022 06:54:02 +0000

A newly discovered zero-day vulnerability in modern Windows versions allows bad actors to launch a Windows Search window and connect to infected directories using a single Word file. Read more...

CISA: Don't install Windows Patch Tuesday updates for May on Domain Controllers

Usama Jawad — Tue, 17 May 2022 07:06:01 +0000

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is no longer recommending the installation of May Patch Tuesday updates on Domain Controllers because of authentication issues. Read more...

AutoWarp: Microsoft publishes advisory about critical security hole in Azure Automation

Usama Jawad — Tue, 08 Mar 2022 06:28:02 +0000

Microsoft has published details about a security vulnerability dubbed "AutoWarp" in Azure Automation service. It could enable attackers to get access to resources of other Azure customers. Read more...

Google Project Zero detected the most vulnerabilities in Microsoft products recently

Usama Jawad — Thu, 10 Feb 2022 17:00:01 +0000

Google's Project Zero team has shared some interesting stats regarding its findings for the past couple of years today. Interestingly, it found the most security issues in Microsoft products. Read more...

Tesla recalls nearly 500,000 Model 3 and Model S units citing engineering flaws

Usama Jawad — Thu, 30 Dec 2021 18:18:01 +0000

Tesla has recalled nearly half a million Model 3 and Model S units for exhibiting engineering flaws related to the rearview camera and the front trunk, which can result in accidents in the worst case. Read more...

Microsoft discovers macOS "Shrootless" vulnerability, patch now available

Usama Jawad — Fri, 29 Oct 2021 03:48:01 +0000

Microsoft has revealed more details about a macOS vulnerability that it discovered and reported to Apple. A patch is now out for OS-level flaw "Shrootless" on macOS Monterey, Catalina, and Big Sur. Read more...

Microsoft downplays Azure AD design flaw enabling single-factor brute-force attacks [Update]

Usama Jawad — Thu, 30 Sep 2021 11:10:02 +0000

A security team has issued an advisory about an apparent design flaw which allows single-factor brute-force attack on Azure Active Directory. However, Microsoft says that this is by design. Read more...

Microsoft's PrintNightmare patch breaks printing for some... again

Usama Jawad — Sat, 18 Sep 2021 12:26:02 +0000

Microsoft has recently revealed that a KB update in August's Patch Tuesday effectively breaks printing for some organizations by repeatedly requiring admin credentials when printing. Read more...

Microsoft patches security vulnerability allowing data leaks in Azure Container Instances

Usama Jawad — Thu, 09 Sep 2021 06:08:02 +0000

Microsoft has patched a security flaw in the Azure Container Instances services that allowed data to leak across customers using the same clusters. Potentially affected customers have been notified. Read more...

ChaosDB: Major security flaw in Azure Cosmos DB exposed customer data for years

Usama Jawad — Fri, 27 Aug 2021 14:48:01 +0000

A major flaw in Azure Cosmos DB has exposed customer data and given admin access to it for the past couple of years. Microsoft has now patched the issue and asked customers to rotate their keys. Read more...

Google Project Zero reveals another Windows elevation of privilege vulnerability [Update]

Usama Jawad — Thu, 19 Aug 2021 07:58:01 +0000

Google Project Zero has disclosed yet another Windows vulnerability that can lead to elevation of privilege. Microsoft had initially stated that it would not resolve it, but is now working on a fix. Read more...

Google discloses new Rowhammer technique that alters memory contents of newer DRAM chips

Usama Jawad — Wed, 26 May 2021 04:44:01 +0000

"Half-double" is a Rowhammer exploit which grants access to wider memory addresses on newer DRAM chips. Malicious code can potentially take control of the full system through this hardware bypass. Read more...

Microsoft releases security updates for Exchange Server following report by the NSA

Usama Jawad — Wed, 14 Apr 2021 04:56:01 +0000

Microsoft has released a new set of security updates for numerous Exchange Server versions following the discovery of certain security flaws. Exchange Online once again contains protections already. Read more...

Google Project Zero discloses high severity elevation of privilege flaw in Windows

Usama Jawad — Thu, 24 Dec 2020 13:34:01 +0000

Following multiple delays from Microsoft, Google's Project Zero security team has disclosed yet another high severity security flaw in Windows. If exploited, it can cause elevation of privilege. Read more...

Google exposes 'high' severity flaw in Adreno GPUs following Qualcomm's botched fix

Usama Jawad — Tue, 15 Dec 2020 07:52:01 +0000

Following a botched fix by Qualcomm which caused a new kernel privilege escalation bug, Google Project Zero has publicly disclosed details of a high severity security flaw in the Adreno GPU driver. Read more...

GitHub finally fixes 'high' severity security flaw reported by Google Project Zero

Usama Jawad — Sat, 21 Nov 2020 06:44:01 +0000

The "high" severity security flaw in GitHub publicly disclosed by Google's Project Zero team earlier this month has finally been patched. The security team has validated the fix and closed it. Read more...

Google discloses 'high' severity security flaw in GitHub

Usama Jawad — Tue, 03 Nov 2020 06:08:01 +0000

Google's Project Zero team has disclosed a "high" severity security flaw in GitHub following the latter's inability to provide a fix in the 104 days - which includes a grace period - allotted to it. Read more...

Microsoft apparently just fixed a Windows security flaw first reported to it in 2018

Usama Jawad — Mon, 17 Aug 2020 08:28:01 +0000

A new report has emerged claiming that Microsoft fixed a significant security vulnerability in various versions of Windows, even though a Google-owned service disclosed it to Microsoft in 2018. Read more...

Google discloses 'medium' severity flaw in Windows following Microsoft's incomplete fix

Usama Jawad — Wed, 12 Aug 2020 05:42:01 +0000

Google's Project Zero team has publicly revealed yet another security flaw in Windows which allows elevation of privilege, claiming that Microsoft's fix is incomplete and does not resolve the issue. Read more...

Google reveals exploits for five interactionless security flaws in iOS

Hamza Jawad — Tue, 30 Jul 2019 14:08:01 +0000

Google's Project Zero members have disclosed five security flaws in iOS, four of which have been fixed by Apple in iOS 12.4. However, one of these still hasn't fully been patched yet. Read more...

Google reveals "high severity" flaw in macOS kernel

Usama Jawad — Sun, 03 Mar 2019 08:12:01 +0000

Google's Project Zero has exposed a "high severity" flaw in macOS' kernel XNU - which apparently has issues in its implementation of copy-on-write behavior - after Apple failed to fix it in 90 days. Read more...

Apple apologizes for FaceTime bug, fix coming next week

Usama Jawad — Fri, 01 Feb 2019 15:00:01 +0000

Apple has issued an apology for the FaceTime bug which allowed you to eavesdrop on others during group calls. An update to squash the bug will be rolled out to the public next week. Read more...

Spectre Variant 4 disclosed, mitigations to result in another performance hit

Usama Jawad — Tue, 22 May 2018 04:52:01 +0000

New variants of Spectre have been discovered by Microsoft and Google, which allow attackers to read privileged data. While mitigations will be available soon, they will result in a performance hit. Read more...

Critical flaw found in email encryption tools

Muhammad Jarir Kanji — Mon, 14 May 2018 12:32:01 +0000

Researchers today warned that a critical flaw in OpenPGP and S/MIME encryption tools could leave your electronic communications at risk, allowing attackers to read encrypted emails in plaintext form. Read more...

Google reveals a "medium" severity flaw in Windows 10 S

Usama Jawad — Fri, 20 Apr 2018 04:10:02 +0000

Despite Microsoft's repeated requests for an extension to the standard 90-day disclosure deadline, Google has gone on to reveal a "medium" severity flaw in systems with UMCI, such as Windows 10 S. Read more...

Windows security allegedly compromised due to CFG bypass; Microsoft investigating

Usama Jawad — Thu, 08 Mar 2018 03:48:01 +0000

It appears that Control Flow Guard (CFG) in Windows 8.1 and 10 can be bypassed, effectively putting 500 million computers at risk. Microsoft is investigating the issue and should have a fix soon. Read more...

Cortana could open unencrypted websites while your system is locked

Gurkaran Singh — Wed, 07 Mar 2018 21:44:01 +0000

Two independent Israeli researchers have found a loophole with Microsoft's digital assistant- Cortana. The assistant can be used by anyone with malicious intent to bypass a locked PC. Read more...

Google exposes security flaw in Microsoft Edge [Update]

Usama Jawad — Sat, 17 Feb 2018 08:52:01 +0000

After Microsoft's failure to fix a flaw in its Edge browser in the allotted time, Google has publicly disclosed the bug - which allows bypassing Edge's ACG and creating an executable page in memory. Read more...

Windows 10 bug lets malware bypass security scans using a null character

Muhammad Jarir Kanji — Mon, 19 Feb 2018 17:00:01 +0000

A bug in the Windows 10 Anti-Malware Scan Interface causes the security apparatus to truncate its scans when encountering a null character. The bug was fixed in this month's Patch Tuesday. Read more...

Microsoft to leave Skype bug needing massive rewrite unfixed for now

Muhammad Jarir Kanji — Tue, 13 Feb 2018 12:44:02 +0000

A newly discovered Skype bug that can allow an attacker to gain system-level privileges will be left unfixed for now, as Microsoft chooses to instead concentrate on creating a new client altogether. Read more...

Intel: Chips coming later this year to be free of Spectre and Meltdown flaws

John Keefer — Fri, 26 Jan 2018 00:26:02 +0000

In its quarterly earnings call for investors, the company vowed that it was working to fix the flaws in its chips, and vowed that its processors due out later this year will be vulnerability-free. Read more...

A text bomb can freeze or lock your iPhone; Fix coming next week [Update]

John Keefer — Wed, 17 Jan 2018 21:42:01 +0000

Security researchers are always trying to find ways to break devices or get into their code. If a problem is found, they alert the manufacturer to it can be fixed quietly. Others can be more vocal. Read more...