All news with #use-after-free tag

December Patch Tuesday: Active Windows Cloud Files Zero Day

🚨 Microsoft’s December Patch Tuesday delivers 57 fixes, but an actively exploited zero-day in Windows Cloud Files Mini Filter Driver (CVE-2025-62221) requires immediate remediation. The flaw is a low-complexity use-after-free escalation-of-privilege that can enable a local foothold to become full system compromise. Security teams should prioritize this patch, enforce least-privilege controls, and enhance monitoring where rapid patching isn't possible.

CISA Adds Two Vulnerabilities to Known-Exploited Catalog

🔒 CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-6218 (WinRAR path traversal) and CVE-2025-62221 (Microsoft Windows use-after-free). The agency cited evidence of active exploitation and emphasized that these flaws are frequent attack vectors posing significant risk to the federal enterprise. CISA reiterated that BOD 22-01 requires FCEB agencies to remediate cataloged CVEs by the required due dates and urged all organizations to prioritize timely remediation.

December 2025 Patch Tuesday: One Zero-Day, 57 CVEs Addressed

🔔 Microsoft’s December 2025 Patch Tuesday addresses 57 CVEs, including one actively exploited Important zero‑day in the Windows Cloud Files Mini Filter Driver and two publicly disclosed Important zero‑days impacting GitHub Copilot for JetBrains and PowerShell. Two Critical RCE flaws in Microsoft Office increase urgency for enterprise patching and remediation. Organizations should prioritize applying Microsoft fixes, adopt layered mitigations where patches are delayed, and use CrowdStrike Falcon dashboards to track affected assets and remediation progress.

Intellexa Continues Exploitation of Zero-Day Bugs Worldwide

🔍 Google Threat Intelligence Group (GTIG) analysis shows that Intellexa, vendor of the Predator spyware, continues to develop and deploy zero‑day exploits against mobile browsers and operating systems despite sanctions. GTIG attributes 15 unique zero‑days to Intellexa out of roughly 70 discovered since 2021, spanning RCE, sandbox escape, and LPE flaws on iOS, Android, and Chrome. The company uses modular exploit frameworks, acquires exploit chain steps from third parties, delivers payloads via one‑time messaging links and malvertising, and embeds anti‑analysis watcher modules to abort operations on detection.

Talos Discloses TruffleHog, Fade In, and BSAFE Flaws

🔒 Cisco Talos’ Vulnerability Discovery & Research team disclosed multiple vulnerabilities affecting TruffleHog, Fade In, and Dell BSAFE Crypto-C, including arbitrary code execution, out-of-bounds write/use-after-free, and integer/stack overflow issues. The issues were reported by Talos researchers and external collaborators and vendors have issued patches following Cisco’s disclosure policy. Users should apply vendor updates, deploy updated detection rules such as Snort signatures, and consult Talos advisories for indicators and recommended mitigations.

Critical 10.0 RCE Flaw in Redis Exposes 60,000 Instances

⚠ The popular Redis in-memory data store received an urgent patch for a critical use-after-free vulnerability tracked as CVE-2025-49844 (RediShell), which can escape the Lua script sandbox and achieve remote code execution on the host. Exploitation requires authentication, but many deployments disable it; researchers estimate roughly 60,000 internet-exposed instances lack authentication. Redis released fixes on Oct. 3 across multiple branches and administrators are urged to patch exposed servers immediately and enable hardening controls.

Redis 13-Year Use-After-Free Flaw Rated CVSS 10.0 Severity

⚠️ Redis disclosed a maximum-severity vulnerability, CVE-2025-49844 (RediShell), a use-after-free bug in its Lua scripting implementation that has been assigned a CVSS score of 10.0. An authenticated user can submit crafted Lua scripts to manipulate the garbage collector, trigger a use-after-free, and potentially achieve remote code execution on the host. The issue affects all Redis versions with Lua and was fixed in 6.2.20, 7.2.11, 7.4.6, 8.0.4, and 8.2.2 (released Oct 3, 2025). Administrators should immediately restrict EVAL/EVALSHA via ACLs, avoid exposing Redis instances to the internet, enforce strong authentication, and apply the patches without delay.

Redis warns of critical Lua RCE flaw in many instances

🔒 The Redis security team has released patches for CVE-2025-49844, a maximum-severity use-after-free in the bundled Lua interpreter that can enable remote code execution when an attacker supplies a specially crafted Lua script. Wiz researchers, who disclosed the issue at Pwn2Own Berlin and dubbed it RediShell, found approximately 330,000 Redis instances exposed online and at least 60,000 requiring no authentication. Administrators should apply the published fixes (for example, 7.22.2-12 and later; OSS/CE/Stack variants also updated) immediately and implement mitigations such as enabling authentication, disabling Lua scripting where possible, running Redis as a non-root user, and restricting network access.

Cisco Talos Discloses Multiple Nvidia and Adobe Flaws

⚠ Cisco Talos disclosed five vulnerabilities in NVIDIA's CUDA Toolkit components and one use-after-free flaw in Adobe Acrobat Reader. The Nvidia issues affect tools like cuobjdump (12.8.55) and nvdisasm (12.8.90), where specially crafted fatbin or ELF files can trigger out-of-bounds writes, heap overflows, and potential arbitrary code execution. The Adobe bug (2025.001.20531) involves malicious JavaScript in PDFs that can reuse freed objects, leading to memory corruption and possible remote code execution if a user opens a crafted document.

Microsoft September 2025 Patch Tuesday: 86 Fixes Guidance

🔒Microsoft released its September 2025 security update addressing 86 vulnerabilities across Windows, Office, DirectX, Hyper-V and related components. Microsoft reported no active in-the-wild exploitation but identified eight flaws where exploitation is more likely, including a network RCE in NTFS (CVE-2025-54916). Talos published Snort rules to detect attempts and recommends administrators prioritize patches and update IDS/IPS signatures promptly.

YARA-X 1.0.0 Stable Release: Faster, Safer YARA Now

🚀YARA-X 1.0.0 is now stable, delivering a Rust-based, memory-safe engine while preserving broad compatibility with existing YARA rules. YARA-X runs heavy regular expressions and deep loops roughly 5–10× faster than the legacy YARA 4.x engine and returns clearer, line-accurate error messages. The CLI adds colored output, JSON/YAML dumps, shell completions and a built-in formatter to improve tooling and developer workflows. VirusTotal reports stable, production use in Livehunt and Retrohunt at scale and encourages users to test and provide feedback.