CHRIMT: Tech.

Firefox launches emergency update to fix vulnerability

Mozilla released, on Wednesday (19) an emergency update for Firefox that fixes a critical vulnerability zero day. Discovered by members of Google Project Zero and Coinbase Security, the bug allows a malicious site to infiltrate dangerous code on the computer through the browser.

In a note on the security update, Mozilla stated that it has already detected hacker attacks from the security breach.

Known as "type confusion", the failure is related to the manipulation of JavaScript objects.

It was not announced by Mozilla the goal of hacker attacks from the vulnerability. The fix has already been released in versions 67.0.3 or ESR 60.7.1 of Firefox, available for free as an upgrade or via new download.

Similar failures have been common in Flash Player in the past. In theory, a hacker would be able to trick the browser into letting compromised material pass to the victim's PC.

Although there is already a patch available, the bug in Firefox causes concern for the delay in identifying the problem: according to Mozilla, there are already criminals exploiting the security breach. It is not known, for now, the number of victims hit, nor the motivation for the attacks.

How to update Firefox and protect yourself

Those who have the Firefox browser installed should have already received the new version automatically. In that case, just close and reopen the browser to apply the update.

You can also download the latest browser version from the Mozilla website at the following address: mozilla.org/en/firefox/new

In any case, users can manually download the Firefox update from their browser settings.

To do this, open the main menu, go to the "Options" item and scroll to the "Firefox Update" section. Make sure version 67.0.3 or higher is installed. To ensure that future updates are automatically obtained, check the "Install updates automatically" option.

Source:www.techtudo.com.

Dell PCs under security threat update yours now

If you have a Dell laptop, this is a good time to update your system. Even if your computer is not manufactured by Dell, it is possible that a new vulnerability will affect you.

The existence of a serious security breach has been unveiled in Dell PCs by Researchers at SafeBreach Labs. The breach would allow hackers to easily access sensitive information on your computer without your knowledge. To protect yourself and avoid being hacked install the latest update available without delay.

Dell released a security advisory regarding the CVE-2019-12280 vulnerability identified in the SupportAssist application, designed by PC Doctor. As the IT giant explains on it's website, it is an " application that proactively checks the status of hardware and software in your system. " If there is a problem, the program sends Dell the necessary status information to start troubleshooting. SupportAssist is installed by default on all devices of Dell brand.

The flaw concerns both the version of SupportAssist installed on professional computers (version 2.0) and domestic versions (versions 3.2.1 and earlier), ie millions of PCs in circulation, explains Dell. According to a report by SafeBreach, the firm specialized in cybersecurity, the flaw could allow an attacker to take control of a remote computer to siphon data contained on it.

There are some concerns that this failure could affect PCs made by other companies.

SupportAssist is a renamed version of the Windows hardware diagnostic tool called PC-Doctor Toolbox. This product has also been renamed to: Corsair ONE Diagnostics, Corsair Diagnostics, Staples EasyTech Diagnostics, Tobii I-Series Diagnostic Tool and Tobii Dynavox Diagnostic Tool.

The most effective way to prevent your DLLs from being hijacked is to install patches. To fix this bug, allow automatic updates or download the latest version of Dell SupportAssist for Corporate PCs ( x86 or x64 ) or home PCs. For now, it is unclear if the flaw has already been exploited by pirates.