Posts Tagged ‘Flaw’

Italian teen finds two zero-day vulnerabilities in OS X | Network World

Written by Randy. Posted in Apple, Randy's Blog, Security, Uncategorized

An Italian teen, whom we will call talented but irresponsible, found flaws in Apple’s Mac OS and developed an exploit for it. Talented in that he could find not just one but two flaws in the relatively secure Mac OS. Irresponsible in that he published the details on GitHub only hours after notifying the software giant of his discovery. It is customary to allow the developer time to address and patch an issue before disclosing it to the world for every hacker to jump on and exploit. What he did by discovering the flaws is commendable. But disclosing them without allowing adequate time for the developer (Apple) to respond is reckless, and it causes a large issue, opening even more computers to hack attempts because of his rush to seek fame.
The exploit he developed yields root access.
Source: Italian teen finds two zero-day vulnerabilities in OS X | Network World

“Biggest smart-phone flaw ever discovered” impacts all Android phones made in the last five years | WTHITV.com

Written by Randy. Posted in Antivirus, Randy's Blog, Security, Tech

This is the “Biggest smart-phone flaw ever”… It has been known by Google since at least April (with fix), but it’s still not out on a large number of its popular Android phones. It may affect nearly a billion phones. Is yours one of them?
New research suggests that nearly one billion Android phones are capable of being hacked…and all it takes is a text.
Source: “Biggest smart-phone flaw ever discovered” impacts all Android phones made in the last five years | WTHITV.com

Project Zero hits MS again!

Written by Randy. Posted in Microsoft, Randy's Blog, Security, Tech, Tech Tip

Microsoft is upset that yet again Google has disclosed an as yet (at time of disclosure) unpatched flaw in Windows 8.1. Google did give MS proper notification and a 90-day deadline to address the issue. Microsoft is upset that Google didn’t extend its (set in stone) 90-day deadline to allow Microsoft to release the patch within its normal patch window on what’s called “Patch Tuesday”. I agree with the cutoff myself. Especially if you look at it like this: Microsoft put out a product that has security issues in it, and some have been there for years, undiscovered by Microsoft as it releases new versions of its OS. New versions that often are still susceptible to the same flaws. Many of these flaws are brought to Microsoft’s attention by ethical outside sources, including Google. Unethical hackers may already know and be using these flaws for malicious purposes. It’s reported that our own NSA knew about Heartbleed, the SSL flaw, for years and kept it silent to exploit it. So the question remains: how much time should a company have to patch a flaw from the time it is informed of it? Each day a fix is delayed is a possible exploit of systems and data. Security breaches, stolen data, pictures, passwords, credit card and financial info. So the question is… Is 90 days long enough, or is it too long? Think of Sony, or iCloud, or any other data breach you’ve heard of in recent history. Then think: should MS be upset about the flaws being disclosed, or should they really be apologizing for not fixing it sooner? Read Network World’s take on it at the link below.

Google discloses another unpatched Windows flaw, irritates Microsoft | Network World.