Patch | SC Media

Patch

Adobe patches critical flaw in Creative Cloud

Adobe issued a security advisory and patch for Creative Cloud Desktop Application version 5.0 and earlier for Windows. The advisory was issued late last week and centers on a single critical vulnerability, CVE-2020-3808, which is a time-of-check to time-of-use race condition that if exploited can lead to arbitrary file deletion. The issue can be mitigated…

apple patch

Apple releases more than 30 security patches

Apple released updates across eight product lines with several having more than a dozen issues addressed. Apple does not rate the severity of each vulnerability, but does break them all down for its users. One batch of 13 vulnerabilities was shared across three products, iCloud for Windows versions 10.9.3, 7.18 and iTunes 12.10.5 . Five of…

Drupal, Google and Cisco post security advisories

Batches of security advisories were rolled out by Drupal, Google and Cisco yesterday addressing a host of critical-rated issues for their products. Drupal addressed a critical vulnerability affecting Drupal 8.7 and 8.8. The issue is a Cross Site Scripting vulnerability in third-party libraries. An attacker that can create or edit content may be able to…

patch flaw vulnerability

Adobe patches 41 vulnerabilities, 22 in Photoshop

Adobe may have skipped March Patch Tuesday to push out security updates but caught up today issuing advisories covering 41 vulnerabilities, the majority critical, over six products. The products included Adobe Genuine Integrity Service, Acrobat Reader, Photoshop, Experience Manager, ColdFusion 2016 and 2018 and Bridge. None of the vulnerabilities have been spotted in the wild…

Intel issues nine security advisories

Intel rolled out nine security advisories for a variety of components associated with its processors and graphics drivers, with four having a high severity rating and the remainder medium. The high-rated advisory for Intel graphics drivers contains 17 CVEs, which if left unpatched and exploited could lead to escalation of privilege, denial of service and…

Zero day found in Zoho One Desktop Central

Cloud software provider Zoho One has pushed out an update patching a zero-day vulnerability that could allow remote attackers to execute arbitrary code on affected installations of its ManageEngine Desktop Central product. The vulnerability, CVE-2020-10189, carries a CVSS rating of 9.8 and was discovered by security researcher Steven Seeley of Source Incite. In his advisory,…

Cisco fixes three high-level bugs, but a fourth remains unpatched

Cisco Systems this week issued disclosed a dozen software vulnerabilities, including four high-severity flaws, one of which has not been patched. The flaw with no current fix is CVE-2020-3155: a validation error in the SSL implementation of Cisco Intelligent Proximity, a solution that helps laptops, smartphones and other devices automatically discover and link with Webex…

KrØØk vulnerability could allow crooks to intercept WiFi data packets

ESET researchers revealed during a talk at RSA Conference 2020 a vulnerability found in more than one billion WiFi-enabled devices and access points that could allow an attacker to partially read encrypted data being transmitted. Dubbed KrØØk, CVE-2019-15126 is a previously unknown vulnerability found in WiFi chips from Broadcom and Cypress. These are not only…

Adobe, VMWare issue patches for critical vulnerabilities

Adobe and VMWare pushed out a critical out-of-band updates for After Effects and vRealize Operations for Horizon Adapter which if exploited could lead to arbitrary code execution. The Adobe issue, CVE-2020-3765, is an out-of-bounds write vulnerability affecting After Effects version 16.1.2 and earlier versions for Windows. Adobe is recommending that Admin’s update to version 17.0.3…

Next post in Vulnerabilities