Patch News, Articles and Updates

Cisco patches denial of service flaw affecting VoIP Phones

Cisco patched a High severity IPv4 Fragmentation vulnerability which could result in a denial of service along with three other medium severity bugs.

Juniper Networks fixes 12 bugs in Junos OS, more in additional software

Juniper Networks yesterday issued 16 security advisories, announcing patches for multiple vulnerabilities found in its Junos OS, Junos Space, Contrail Service Orchestration (CSO), and Junos OS: cURL products, as well as the ISC BIND software included with Junos for SRX Series devices.

US CERT issues security advisory on Kea server for memory flaw

US-CERT issued a medium rated security advisory for Kea DHCP version 1.4.0 that could cause memory leakage resulting in the failure of memory locations.

July Patch Tuesday Microsoft covers 17 critical rated

Microsoft's July Patch Tuesday release covered more than 50 CVEs with 17 rated critical with the vast majority of these being in various Microsoft browser.

Apple patches 76 security issues with latest software releases

Apple got a small head start on Patch Tuesday pushing out updates for seven products on July 9, including, iTunes, Safari and iOS.

July Patch Tuesday: Adobe update covers more than 100 vulnerabilities

Adobe issued an extensive Patch Tuesday roundup pushing out fixes for 104 Acrobat and Reader issues, with 51 being rated critical, along with updates for Flash Player, Connect and Experience Manager.

WordPress issues out of band security and maintenance update

WordPress issued an out of band security and maintenance release patching 18 bugs with version 4.9.7 being pushed live today.

Patch Tuesday preview

On July 2018 Patch Tuesday-eve one industry analyst is setting his forecast for the big day tomorrow.

Unpatched Edge browser susceptible to Wavethrough bug

Researchers are encouraging Edge browser users to update their systems to protect themselves from CVE-2018-8235, an odd bug that uses abnormal audio files to enable a remote attacker to pul content from other open tabs.

Cisco patches 34 vulnerabilities, 5 critical

Cisco released patches for 34 flaws in its software including fixes for five critical arbitrary code execution vulnerabilities in FXOS, NX-OS and NX-API software.

Intel, ICS and Apple post Patch Tuesday alerts and patches

In the wake of June 2018 Patch Tuesday, alerts and patches were issued for another speculative execution vulnerability affecting Intel, a git issue with Apple and a flaw in the BIND open-source DNS software.

VMware patches RCE flaw for AirWatch Agent for Android, AirWatch Agent for Windows

VMware has released updates to resolve a remote code execution vulnerability in AirWatch Agent for Android and AirWatch Agent for Windows.

Foscam home security cameras updated to address root access vulnerabilities

Foscam home security issued an update for its home security systems after researchers found several vulnerabilities which if combined, could allow an attacker to gain root access to the cameras (via LAN or internet.

Mozilla patches heap buffer overflow in Firefox browsers

The Mozilla Foundation Security has released an advisory to patch critical vulnerabilities in Firefox and Firefox ESR products which could allow a remote attacker to take control of an affected system.

Patched Cisco ACS flaw lets attackers perform MITM attacks, steal admin credentials

Positive Technologies has elaborated on a critical remote code execution vulnerability its researchers discovered in the web interface of Cisco's Access Control Server (ACS), reporting that the bug can be leveraged to perform man-in-the-middle attacks, steal credentials, access network resources and intercept traffic.

Adobe issues critical patch after Flash zero-day bug actively exploited in Middle East

Adobe Systems today issued patches for four software vulnerabilities in Flash Player, including a zero-day flaw that attackers have been exploiting in the wild in targeted attacks against Windows users in the Middle East, possibly in Qatar.

Latest batch of Cisco updates patches 28 bugs, two critical

Cisco Systems yesterday issued 28 security updates that patch vulnerabilities found in a variety of products, including two critical bugs that were assigned a CVSS (Common Vulnerability Scoring System) base score of 9.8.

Major vulnerabilities in the EOS blockchain may push back Mainnet launch

Major vulnerabilities in the EOS blockchain and smart contracts platform may push back the Mainnet launch scheduled for June 2.

Google fixes 24 bugs in Chrome OS, security pass flaw in reCAPTCHA feature

Google on Tuesday released version 67.0.3396.62 of the Google Chrome operating system for Windows, Mac and Linux to its stable channel, in the process solving 24 vulnerabilities and introducing its "Site Isolation" security feature to additional users.

Schneider Electric patches XML External Entity vulnerability

Schneider Electric patched a vulnerability (CVE-2018-7783) in its SoMachine Basic that could result in the disclosure or retrieval of data during an out-of-band attack.

As world awaits patches, researchers divulge details of new Spectre Variants 3a and 4

The next-generation of Spectre speculative execution vulnerabilities in CPUs from AMD, ARM, and Intel has arrived in the form of Variants 3a and 4, following highly anticipated public disclosures from Google's Project Zero and Microsoft Corporation [1, 2].

Google may contractually require OEMs to perform regular patching

Google is looking into the possibility of requiring device manufacturers to regularly patch their devices, by incorporating such a provision into future OEM agreements, Google head of Android security David Kleidermacher announced in a presentation at the Google I/O Developer Conference last week.

Oracle WebLogic vulnerability exploited for cryptominers for second time this year

Cryptominers targeting Oracle's patched WebLogic vulnerability from 2017 have caused a spike in malicious traffic targeting Port 7001.

Adobe releases more updates following Patch Tuesday fixes

After patching a confusion flaw in Flash last week, Adobe announced new security updates for Adobe Acrobat and Reader for Windows and MacOS.

Chrome update for desktop operating systems repairs critical sandbox escape bug

Google's latest stable channel update for the Windows, Mac and Linux versions of Chrome fixes four vulnerabilities, including a critical bug that can lead to sandbox escape.

LG patches RCE bug in smartphone keyboards

LG on Monday released a security update fixing a high-severity remote code execution vulnerability found in the default keyboards of all its mainstream smartphone models.

Confusion over chipmakers' debug exception instructions prompts patching by OS developers

Multiple major operating systems and hypervisors contain a serious CPU chipset bug that could allow authenticated attackers to read sensitive data in memory and control certain low-level functions, prompting their developers to issue security updates patching this flaw.

Sierra Wireless patches router vulnerabilities

Sierra Wireless patched two vulnerabilities in several of its AirLink routers that if exploited could allow the execution of arbitrary code or gain full control of a system.