Firefox, make it 0-day used to run malware on Macs: Better to upgrade
A ” type confusion ” vulnerability allows an attacker to execute malicious code through Firefox. The bug has been fixed, and the update is highly recommended.
The Firefox team has released a critical update to fix a 0-day vulnerability on the browser that has already been actively exploited. The latest generation browsers are all extremely secure if they are constantly updated, but this is not true with the 0-day vulnerabilities that have not yet been corrected. In these cases, a browser is used that could be attacked by potential attackers.
Precisely for this reason those who use Firefox as their main or secondary browser, should quickly update to version 67.0.3, the only one currently safe from the recently discovered 0-day vulnerability. A security note released by the company states that the impact of the present bug – called ” type confusion vulnerability ” – is ” critical ” : the problem seems to be present on Array.pop.
The crash is exploitable through the execution of code exploiting the bug on Array.pop, with the company that confirms to be ” aware of targeted attacks that exploit this flaw “. The discovery of the bug was made by Samuel Groß, Google’s prolific Project Zero, and the Coinbase security team. The vulnerability is assumed to come.
In any case, there are no contraindications to update to the latest and safest version of Firefox, and the update is recommended for all users through browser settings or from the official website.
The procedure should also be completed automatically, especially if the user has not indicated otherwise in the Settings. It is curious to note that the update was released only during this week, but the first reports of the Project Zero vulnerability date back to last April.
