Adobe conducted a large-scale rollout of security updates for a variety of its products for February Patch Tuesday, including a critical patch for Flash Player that if exploited could result in arbitrary code execution in the context of the current user. Joining Adobe Flash Player in receiving security updates are Framemaker, Acrobat Reader and DC, Digital
Tag: Vulnerabilities
Cisco patches multiple vulnerabilities
Cisco released 14 security advisories on January 8 with two being rated as having a potentially high impact and the remainder listed as medium issues. The two rated high are CVE-2019-16005 and CVE-2019-16009. The first is a Cisco Webex video mesh node comm and injection vulnerability that if exploited could allow an authenticated, remote attacker to execute
Drupal’s Archive Tar patches multiple crititical vulnerabilities
Drupal Core announced multiple critical vulnerabilities that impact some of its configurations for versions: 8.8.x-dev, 8.7.x-dev, and 7.x-dev. The Drupal project uses the third-party library Archive_Tar, which released a security update – SA-CORE-2019-012, according to a Dec. 18 advisory. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The latest versions of Drupal update Archive_Tar to 1.4.9 to mitigate
WordPress patches four security vulnerabilities
WordPress has pushed out version 5.3.1 patching four security issues. WordPress versions 5.3 and earlier are affected and the company is recommending users download the new version, which is a short-cycle maintenance release and soon will be superseded by a full update when version 5.4 is released. The company did not make note of any CVEs, but
Mozilla patches 11 vulnerabilities in Firefox 71 and ESR 68.3
Mozilla issued patches for Firefox 71 and Firefox ESR 68.3 fixing 11 high- and moderate-rated vulnerabilities. The majority of the patches were shared between Firefox 71 and ESR 68.3 with Firefox 71 receiving an additional three fixes. The most severe of the shared patches are: CVE-2019-17008 is a use-after-free in worker destruction issue that if attacked could lead to an
VMware patches five security vulnerabilities
VMware pushed out security updates covering five vulnerabilities that if exploited could lead to information disclosure or a denial of service situation. The important-rated vulnerabilities are CVE-2019-5540, CVE-2019-5541 and CVE-2019-5542 and impact VMware Workstation Pro / Player and VMware Fusion Pro/Fusion. CVE-2019-5541 covers an out-of-bounds write vulnerability in e1000e virtual network adapter that could lead to
Microsoft Patch Tuesday covers 13 critical vulnerabilities
Microsoft today issued updates covering 74 vulnerabilities, 13 critical, as part of its November Patch Tuesday roll out with two flaws, CVE-2019-1429 and CVE-2019-1457, catching the eye of several cybersecurity researchers as particularly important. roll out with two flaws, CVE-2019-1429 and CVE-2019-1457, catching the eye of several cybersecurity researchers as
Capesand EK attacking IE, Flash vulnerabilities
The new Capesand exploit kit, possibly derived from an older EK, has been found being used to take advantage of Internet Explorer and Adobe Flash vulnerabilities. Trend Micro’s Elliot Cao, Joseph C. Chen and William Gamazo Sanchez came across Capesand while tracking a campaign that was using the Rig EK to DarkRAT and
Feds to boost scrutiny of airliner cybersecurity vulnerabilities
The Department of Homeland Security, Pentagon and Department of Transportation plan to bolster an established program that investigates airliner cybersecurity vulnerabilities. The Wall Street Journal is reporting the program would run tests on actual airplanes to probe for weaknesses, much like was done several years ago when an older Boeing 757
Vulnerabilities in IoT Devices Have Doubled Since 2013
Vulnerabilities in IoT Devices Have Doubled Since 2013 A follow-up study into the security of IoT devices has revealed more than twice the number of vulnerabilities as were detected six years ago. In the 2013 study SOHOpelessly Broken 1.0, researchers at Independent Security Evaluators (ISE) highlighted 52 vulnerabilities across 13 SOHO wireless routers and