18 Jun 2019

Disgruntled security firm discloses zero-days in Facebook’s WordPress plugins

A security firm holding a grudge against WordPress recently released proof-of-concept (PoC) code for two zero-days affecting two official Facebook plugins for WordPress. The impacted plugins are “Messenger Customer Chat” (20,000 installations) and “Facebook for WooCommerce” (200,000 installations). The flaws are tricky to exploit, but can enable threat actors to

12 Jun 2019

Microsoft’s June 2019 Patch Tuesday fixes many of SandboxEscaper’s zero-days

As part of Patch Tuesday, Microsoft has issued fixes for 88 vulnerabilities in its products, 21 of which were critical security flaws. Patches were also released for the following 4 zero-days that have been released by Windows exploit developer SandboxEscaper since May. CVE-2019-1069 – A local privilege escalation (LPE) flaw

10 Jun 2019

SandboxEscaper Debuts ByeBear Windows Patch Bypass

Once again, Windows exploit developer SandboxEscaper has released a new zero-day exploit without disclosing the issue to Microsoft first. Last month, SandboxEscaper released five Windows exploits in a week. One of those exploits was a bypass for a patch that fixed a local privilege-escalation (LPE) flaw tracked as CVE-2019-0841. The

24 May 2019

Researcher publishes Windows zero-days for the third day in a row

On Thursday, Windows exploit developer “SandboxEscaper” once again released new zero-day exploits on her GitHub account. SandboxEscaper already released a zero-day on Tuesday and then two more exploits Wednesday, although it turns out one of the latter had already been patched by Microsoft. One of the new flaws is a

23 May 2019

Two More Zero-Day Vulnerabilities Released for Windows

Just one day after notorious Windows exploit developer “SandboxEscaper” released a Windows zero-day exploit, she posted two additional zero-days on her GitHub account. One is a sandbox escape impacting Internet Explorer 11 and the other is a local privilege escalation flaw affecting Windows Error Reporting. The latter is very difficult

22 May 2019

New Zero-Day Exploit for Bug in Windows 10 Task Scheduler

A notorious Windows exploit developer known by the moniker SandboxEscaper has released a new exploit that allows users with limited privileges to obtain complete control over files that can otherwise only be altered by admin accounts and system processes. The zero-day flaw affects the Task Scheduler utility and is relatively

10 Apr 2019

It’s raining patches, Hallelujah! Microsoft and Adobe put out their latest major fixes

As part of this month’s Patch Tuesday, Microsoft and Adobe have issued a total of 117 fixes for security flaws. Microsoft released patches for 74 vulnerabilities, 15 of which are critical flaws. Two of the Windows vulnerabilities are zero-days that have been actively exploited in the wild. The flaws, classified

08 Mar 2019

Google: Chrome zero-day was used together with a Windows 7 zero-day

Threat actors have been exploiting a recently patched security flaw in Google Chrome by combining the flaw with a vulnerability affecting Windows 7 machines. The combination of vulnerabilities is critical, as it can enable hackers to take over targeted computers. While Windows is working to find a fix for the
