bugs

Google has revealed it paid $10 million in bounties to people who spotted security bugs in its products last year. More people earned rewards than in an equivalent Microsoft program, though Google paid out less per person. Such programs are designed ... not only to boost security but to encourage security researchers to work for good, rather than exploit bugs. However, critics say tech companies should put more of their resources into making software as bug-free as possible to start with. Google paid out a total of $10 million in 2023, split between 632 researchers in 68 countries. The highest ... (view more)

Microsoft has accidentally leaked a tool that lets users try out every new feature that's in development. It's grabbed the attention of tech enthusiasts but is very much not a good idea for the average user. The tool came to light when Microsoft ... promoted an event called "Bug Bash". Normally that's an internal "all hands on deck" process where developers are told to hold off their normal work for a set period and instead concentrate solely on finding bugs in software. Microsoft opened this process up to members of the Windows Insider program that lets the public access in-development version ... (view more)

The number of 0-day bugs, which give hackers a dangerous advantage, fell in 2022 according to Google. However, the company warns this may risk misleading complacency that forgets other factors. The figures come from Google's Threat Analysis Group, ... which aims to track, identify and report security bugs, regardless of the software or hardware concerned. The logic is that the better Internet security is overall, the better it is for an Internet-dependent business such as Google. For the past nine years, it's put together an annual tally of 0-day bugs. While definitions vary, Google classes them ... (view more)

At least half the zero-day bugs discovered by Google this year were preventable according to one of its security experts. She pointed to sloppiness by software developers. The claims came in a talk and subsequent blog post by Maddie Stone. She's ... part of Google's Project Zero security program. While precise definitions sometimes vary, the general principle of a zero-day bug is that it's where attackers are exploiting the vulnerability before the software developers have a chance to develop a fix - in most cases because they aren't even aware of the bug. The name comes from the way the ... (view more)

Two separate reports point to a spike in zero-day bugs . That's when would-be attackers trying to exploit a bug have a head-start over developers who are trying to fix and patch it. When software developers discover a security vulnerability (or are ... told about it by responsible researchers), they are in a race against time to find and roll out a fix before attackers discover it and start trying to take advantage. Often they'll only have a matter of days. A zero-day bug is defined as one whose existence is (or was) discovered by hackers before it is known to the software developers. That means ... (view more)

As many as 100 million PCs could still be running Windows 7 according to a newly-published estimate. That's despite Microsoft withdrawing support for the 11-year old system last year. The estimate comes from Ed Bott of ZDNet and is based on data ... published at analytics.usa.gov. That brings together site visitor data from most US government agencies. It means the figures will primarily represent visitors from the United States. (Source: zdnet.com ) Bott notes that across the agencies, 8.5 per cent of visitors in the past 90 days were running Windows 7 and 3.4 percent running Windows 8 or 8.1. ... (view more)

Microsoft is rethinking the way it releases new features through Windows Update. New "Feature Experience Packs" will come out separately to the two major updates each year. The idea is to use the packs to release features and updates for tools that ... fall into a gray area where they aren't an integral part of the Windows 10 operating system itself, but aren't really applications in their own right. The packs will be released as and when they are ready. That opens up the possibility that these "unscheduled" updates could also be used for improvements and fixes to Windows itself without having to ... (view more)

Researchers say they discovered eight security flaws in the way Android handles voice calls through the Internet. Unlike most such bugs which involve specific apps, these problems were with Android itself. The good news is that the researchers ... reported all of the bugs to Google while carrying out the project and most have now been fixed. However, it does raise concerns about the development and design of the system itself. (Source: github.io ) The researchers looked at the three latest Android versions (7, 8 and 9), specifically addressing the components that allow Voice Over Internet ... (view more)

Users of both Apple devices and the VLC media player should watch out for potentially serious security bugs. The former is a particular embarrassment for Apple. It turns out the company fixed a security bug in iOS 12.3 in April, then accidentally ... removed the fix in iOS 12.4, which it released last month. It now plans to fix it imminently in an emergency update to be titled iOS 12.4.1. The bug is very serious as it potentially allows a rogue app to "execute arbitrary code with system privileges." That effectively means malware could have complete control over an iOS device, something that's ... (view more)

According to a recent report, Microsoft products made up eight of the ten most exploited software bugs last year according to a security company. That's higher than in recent years, largely because Adobe Flash is becoming a less rewarding target for ... hackers as it loses popularity. As recently as 2015, most of the top ten involved bugs with Flash. Microsoft took the unwanted lead in 2017 with seven entries on the list. (Source: bleepingcomputer.com ) Internet Explorer Tops The List The top spot for 2018 went to a bug in the Windows VBScript engine . That's a tool that handles code designed for ... (view more)