CYBER NEWS

Update PHP to Version 7.02, Spare Your App a Buffer Overflow

PHP-STFHere is an important piece of news that concerns developers, PHP devs in particular. PHP has received several crucial updates that have taken care of security-related flaws. Versions 7.0.2, 5.6.17 and 5.5.31 are already available for download.

As reported by InfoWorld’s Fahmida Y. Rashid, Version 7.0.2 put an end to six security vulnerabilities that were present in PHP 7. Version 5.5.31, on the other hand, eliminated five bugs in PHP 5.5, which will be supported until July 2016.

Previous version PHP 5.4 was ended in October and is not supported any longer. That is why developers still using PHP 5.4 should immediately upgrade to a newly updated version.

Why is updating crucial?
Many applications are written in PHP, and if they’re not maintained properly (a.k.a. updated frequently), they can easily fall victims to attacks. Taking advantage of zero-day vulnerabilities is an attack scenario that still hasn’t gone out of fashion.

What should we know about PHP 7.02?

PHP 7.02 updates are mainly focused on fixing address segmentation faults in Core. 7.02 patched 14 vulnerabilities in PHP Core. The latest updates also fixed a four-year old vulnerability known as 55651.

Remote code execution exploits fixed

One of the more important fixes prevents remote code execution. A heap buffer overflow in Standard, referred to as a theoretical buffer overflow by some users, has been fixed as well.

What is a buffer overflow attack?
Buffer overflows are common in malicious attack scenarios. Buffer overflows can be initiated by inputs, designed to execute code, or change the way a program functions. Buffer overflows may lead to inconsistent program behavior and may cause memory access errors, incorrect results, crashes, or breaches of system security. That is why buffer overflows are applied in various software vulnerabilities and are often exploited in malicious operations.

Other fixed vulnerabilities in the latest PHP versions include:

  • A memory read error in the GD graphics library identified as 70976;
  • A user-after-free vulnerability in WDDX known as 70661;
  • Two type confusion vulnerabilities in WDDX known as 70741 and 70728.
Milena Dimitrova

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...