There are millions of third-party applications in the Facebook ecosystem, and most of them have no bug bounty programme through which vulnerabilities in the application could be reported. Facebook launched its “Data Abuse Bounty” programme to improve the security of third-party applications and websites on the platform and to make it easier to detect applications that misuse user data in violation of Facebook's policies.
Facebook will pay a minimum reward of $500, scaled by the impact and criticality of the reported issue. If the developer of the affected third-party application runs its own bug bounty programme, the researcher may claim a reward both from Facebook and from the application developer.
45 critical security vulnerabilities in Adobe Acrobat and Adobe Reader have been remediated. The vulnerabilities in these widely used applications allow an attacker to execute arbitrary code remotely and thereby take over the computer, typically by getting the user to open a crafted PDF. They are fixed in Acrobat DC Continuous 2019.021.20047, Acrobat Reader DC Continuous 2019.021.20047, Acrobat DC Classic 2017 2017.011.30150, Acrobat Reader DC Classic 2017 2017.011.30150, and Acrobat DC Classic 2015 and Acrobat Reader DC Classic 2015 2015.006.30504.
In addition, a critical information disclosure vulnerability in Adobe Experience Manager allows an unauthenticated attacker to execute arbitrary code remotely and to escalate privileges. These issues are fixed in the latest Adobe Experience Manager 6.3, 6.4 and 6.5 releases. In Adobe Download Manager, an attacker can escalate privileges by replacing an Adobe DLL with a malicious one (DLL hijacking); this is fixed in Adobe Download Manager 2.0.0.417.
A 7-year-old RCE (Remote Code Execution) vulnerability was discovered in the iTerm2 terminal emulator for macOS. The vulnerability, tracked as CVE-2019-9535, was found during a security audit funded by MOSS (Mozilla Open Source Support).
According to the blog post published by Mozilla, the vulnerability lies in iTerm2's tmux integration feature: an attacker who can control output written to the terminal (for example by operating a malicious SSH server the user connects to, or by serving a crafted response to a command such as curl whose output is displayed) can execute arbitrary commands on the user's machine.
The vulnerability affects all versions of iTerm2 up to and including 3.3.5 and has been remediated in version 3.3.6. Users are advised to update as soon as possible.
A critical security vulnerability was discovered in the Sudo utility used on Linux and other *NIX operating systems. The RunAs specification in “/etc/sudoers” lets an administrator allow a user to run a command as other users; the “ALL” keyword stands for any target user, and it is often combined with “!root” to allow every target user except root, for example “bob ALL=(ALL, !root) /usr/bin/vim”.
With the vulnerability tracked as CVE-2019-14287, a user covered by such a rule can nevertheless run the command as root by passing the user ID -1 (or its unsigned equivalent 4294967295) on the command line, as in “sudo -u#-1 /usr/bin/vim”. Only the user's own password is required, as with any sudo rule. The bug stems from the function that converts the user ID to a username: the ID -1 is not matched against the “!root” exclusion, and it is then treated as 0, which is root's UID, so the command runs with root privileges.
The vulnerability is present in all versions of sudo prior to 1.8.28. The installed version can be checked with the command “sudo -V”. To avoid being affected, it is recommended to install sudo 1.8.28 or later.