Patch | SC Media

Patch

Apple releases security updates for iOS, iTunes, more

Apple has released security updates for several of its products to address vulnerabilities that could allow an attacker to take control of an infected system. The vulnerabilities affect iCloud for Windows, Safari, iTunes, various macOS versions, tvOS and iOS, among other products, according to a Dec. 5 US-CERT advisory. “NCCIC encourages users and administrators to…

Google to make Chrome 71 available

Google announced it will begin releasing the latest version of Chrome 71, 71.0.3578.83, in the next few weeks. This release includes stability and performance improvements, with one of the most visible changes being its ability to remove ads from sites with persistent abusive experiences. Site owners are free to use the Abusive Experiences Report in…

Cisco patches Prime License Manager SQL injection vulnerability

Cisco patched a Prime License Manager SQL injection vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability in the product’s web framework code was caused by a lack of proper validation of user-supplied input in SQL queries and, as a result, an attacker could exploit this vulnerability by sending…

NUUO NVRmini2 Network Video Recorder firmware vulnerability allows arbitrary code

A vulnerability in NUUO NVRmini2 Network Video Recorder firmware version 3.9.1 and prior could allow an unauthenticated remote attacker to execute arbitrary code on the system with root privileges. The product is vulnerable to an unauthenticated remote buffer overflow caused by the improper sanitization of user-supplied inputs and a lack of length checks on data…

Schneider’s Modicon Quantum programmable logic controller plagued with vulnerabilities in end life

Multiple vulnerabilities were discovered in Schneider’s Modicon Quantum programmable logic controller, affecting all M340, Premium, Quantum PLCs and BMXNOR0200 products. Modicon Quantum products are used for complex process control, safety and infrastructure in industrial settings like manufacturing, and were found to contain vulnerabilities that could allow an attacker to change any user’s password including the…

VMware advisory warns users to patch critical issue in product

VMware issues critical security update for Workstation and Fusion products

VMware last week issued a security update for its Workstation and Fusion virtual network devices, patching a critical integer overflow vulnerability that, if exploited, could allow unauthorized guests to execute code on the host. Designated CVE-2018-6983, the hypervisor vulnerability is fixed in versions 14.1.5 and 15.0.2 of Workstation Pro and Workstation Player, and versions 10.1.5 and 11.0.2…

Adobe patches critical type confusion bug in Flash Player

Adobe Systems today released an out-of-band security update that fixes a critical type confusion vulnerability in Flash Player, which, if exploited, could lead to arbitrary code execution in the context of the current user. Designated CVE-2018-15981, the bug was found in versions 31.0.0.148 and earlier of Flash Player Desktop Runtime, Flash Player for Google Chrome…

Privilege escalation bug patched in Accelerated Mobile Pages WordPress plug-in

A WordPress plug-in used to build faster-loading web pages was discovered to contain a privilege escalation vulnerability that allows unauthorized attackers to inject malicious HTML code into the main page. In a company blog post yesterday, researchers at WebARX disclosed the bug, which resides in the “MP for WP – Accelerated Mobile Pages” plug-in. The…

ICS-CERT announces updates for several Siemens products

ICS-CERT released eight advisories addressing several vulnerabilities in Siemens products, many of which could be exploited remotely. The vulnerabilities consisted of improper access control flaws, improper input validation, code injection, cross-site scripting, resource exhaustion, unprotected storage of credentials, improper authentication, path traversal, and open redirect vulnerabilities. The vulnerabilities are in various…

Microsoft’s Patch Tuesday addresses Zero Day vulnerabilities

Microsoft’s Patch Tuesday rollout covered 62 items, 12 rated critical, including patches for a pair of Zero Day vulnerabilities. Among the most worrisome issues addressed with this round of updates is CVE-2018-8589, a Win32k elevation of privilege flaw that has been spotted in the wild affecting Windows 7, Server 2008 and Server 2008 R2. “This…
