Close Menu
Technology Mag

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Google will use hashes to find and remove nonconsensual intimate imagery from Search

    September 18, 2025

    Moderna CEO Responds to RFK Jr.’s Crusade Against the Covid-19 Vaccine

    September 18, 2025

    Steam is dropping Windows 32-bit support in 2026

    September 18, 2025
    Facebook X (Twitter) Instagram
    Subscribe
    Technology Mag
    Facebook X (Twitter) Instagram YouTube
    • Home
    • News
    • Business
    • Games
    • Gear
    • Reviews
    • Science
    • Security
    • Trending
    • Press Release
    Technology Mag
    Home » Apple and Google Just Patched Their First Zero-Day Flaws of the Year
    Security

    Apple and Google Just Patched Their First Zero-Day Flaws of the Year

    News RoomBy News RoomFebruary 1, 20243 Mins Read
    Facebook Twitter Pinterest LinkedIn Reddit WhatsApp Email

    Later in January, Google released Chrome 121 to the stable channel, fixing 17 security issues, three of which are rated as having a high impact. These include CVE-2024-0807, a use-after-free flaw in WebAudio, and CVE-2024-0812, an inappropriate implementation vulnerability in accessibility. The final high-impact vulnerability is CVE-2024-0808, an integer underflow in WebUI.

    Obviously, these updates are important, so check and apply them as soon as you can.

    Microsoft

    Microsoft’s January Patch Tuesday squashes nearly 50 bugs in its popular software, including 12 remote code execution (RCE) flaws.

    No security holes included in this month’s set of updates are known to have been used in attacks, but notable flaws include CVE-2024-20677, a bug in Microsoft Office that could allow attackers to create malicious documents with embedded FBX 3D model files to execute code.

    To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint, and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it, Microsoft said.

    Meanwhile, CVE-2024-20674 is a Windows Kerberos security feature bypass vulnerability rated as critical with a CVSS score of 8.8. In one scenario for this vulnerability, the attacker could convince a victim to connect to an attacker-controlled malicious application, Microsoft said. “Upon connecting, the malicious server could compromise the protocol,” the software giant added.

    Mozilla Firefox

    Hot on the heels of its market-dominant competitor Chrome, Mozilla’s Firefox has patched 15 security flaws in its latest update. Five of the bugs are rated as having a high severity, including CVE-2024-0741, an out-of-bounds write issue in Angle that could allow an attacker to corrupt memory, leading to an exploitable crash.

    An unchecked return value in TLS handshake code tracked as CVE-2024-0743 could also cause an exploitable crash.

    CVE-2024-0755 covers memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. “Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code,” Mozilla said.

    Cisco

    Enterprise software giant Cisco has patched a vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products that could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.

    Tracked as CVE-2024-20253 and with a whopping CVSS score of 9.9, Cisco said an attacker could exploit the vulnerability by sending a crafted message to a listening port of an affected device.

    “A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user,” Cisco said. “With access to the underlying operating system, the attacker could also establish root access on the affected device,” it warned.

    SAP

    SAP has issued 10 new security fixes as part of its January Security Patch Day, which includes several issues with a CVSS score of 9.1. CVE-2023-49583 is an escalation-of-privilege issue in applications developed through SAP Business Application Studio, SAP Web IDE Full-Stack, and SAP Web IDE for SAP HANA.

    Meanwhile, CVE-2023-50422 and CVE-2023-49583 are escalation-of-privilege issues in SAP Edge Integration Cell.

    Another notable flaw is CVE-2024-21737, a code injection vulnerability in SAP Application Interface Framework, which has a CVSS score of 8.4. “A vulnerable function module of the application allows an attacker to traverse through various layers and execute OS commands directly,” security firm Onapsis said. “Successful exploits can cause considerable impact on confidentiality, integrity, and availability of the application.”

    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Email
    Previous ArticleLinda Yaccarino Says X Needs More Moderators After All
    Next Article Toward a unified taxonomy of text-based social media use

    Related Posts

    Here’s What to Know About Poland Shooting Down Russian Drones

    September 16, 2025

    Jeffrey Epstein’s Yahoo Inbox Revealed

    September 16, 2025

    Charlie Kirk Shooting Suspect Identified as 22-Year-Old Utah Man

    September 16, 2025

    A New Platform Offers Privacy Tools to Millions of Public Servants

    September 15, 2025

    Apple’s Big Bet to Eliminate the iPhone’s Most Targeted Vulnerabilities

    September 13, 2025

    Defense Department Scrambles to Pretend It’s Called the War Department

    September 12, 2025
    Our Picks

    Moderna CEO Responds to RFK Jr.’s Crusade Against the Covid-19 Vaccine

    September 18, 2025

    Steam is dropping Windows 32-bit support in 2026

    September 18, 2025

    Big Businesses Are Doing Carbon Dioxide Removal All Wrong

    September 18, 2025

    Nvidia invests $5 billion into Intel to jointly develop PC and data center chips

    September 18, 2025
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    Science

    Whole-Genome Sequencing Will Change Pregnancy

    By News RoomSeptember 18, 2025

    The world of pregnancy is going to radically change, predicts Noor Siddiqui. “I think that…

    Samsung brings ads to US fridges

    September 18, 2025

    The Quest to Find the Longest-Running Simple Computer Program

    September 18, 2025

    Meta’s new Ray-Ban smart glasses have twice the battery life

    September 18, 2025
    Facebook X (Twitter) Instagram Pinterest
    • Privacy Policy
    • Terms of use
    • Advertise
    • Contact
    © 2025 Technology Mag. All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.