Patch | SC Media


Drupal releases correct four moderately critical third-party vulnerabilities


Drupal this week issued a series of security releases to fix four “moderately critical” vulnerabilities, three related to the content management system’s Symfony PHP web application framework and a fourth involving the jQuery project JavaScript library. The three Symfony issues consist of: A cross-site scripting bug caused by the failure of validation messages in the…

Cisco patches 29 vulnerabilities including one being actively exploited in Sea Turtle campaign


Cisco's latest round of security updates addresses 29 vulnerabilities in multiple Cisco products that could allow a remote attacker to take control of an affected system, one of which is being actively exploited in the Sea Turtle campaign. Admins in charge of Cisco ASR 9000 Series Aggregation Services Routers have been instructed to urgently address…

Intel addresses flaws found across four products


Intel has released a series of security updates and mitigation recommendations to address recently discovered vulnerabilities in four of its products, including two high-severity flaws. The Santa Clara, Calif.-based chip maker patched its Intel Media SDK product to fix CVE-2018-18094, a high-risk vulnerability in versions 2018 R2.1 and earlier that could allow authenticated users with…

April Microsoft Patch Tuesday addresses two actively exploited zero-days


Microsoft's April 2019 Patch Tuesday release included fixes for 74 vulnerabilities, 15 of which were classified as critical and most of which affect the Windows operating system itself, and two actively exploited vulnerabilities. The actively exploited vulnerabilities included two Win32K Elevation of Privilege vulnerabilities, one of which was discovered by the Alibaba Cloud Intelligence Security…

April Adobe Patch Tuesday addresses several critical flaws in Flash, Acrobat and more


Adobe released security updates for 15 of its products, including Adobe Acrobat and Reader for Windows and macOS, to address critical and important vulnerabilities that could lead to arbitrary code execution or worse, in this month’s Patch Tuesday updates. The patches include critical updates for multiple versions of Adobe Acrobat, Flash Player, Shockwave and InDesign…

Security update removes hard-coded credentials from MyCar Controls app


Motor vehicle technology and equipment provider AutoMobility Distribution Inc. has updated its MyCar Controls telematics mobile application for iOS and Android in order to eliminate the use of insecure hard-coded credentials. The MyCar app offers geolocation services as well as remote start/stop and lock/unlock capabilities to vehicles that come with a compatible remote start unit.…

Samba updates eliminate pair of vulnerabilities


The development team behind Samba issued software updates yesterday in order to patch a pair of vulnerabilities in the free re-implementation of the SMB networking protocol. The first vulnerability, CVE-2019-3870, occurs in Samba versions 4.9.x upon the provisioning of a new Active Directory domain controller. During this process, some files in the private/ directory are…

Cisco fixes previously issued flawed patches for routers


Cisco fixed two flawed patches for its RV320 and RV325 small business routers, while also revealing two additional medium-rated vulnerabilities. The previously patched vulnerabilities, CVE-2019-1652 and CVE-2019-1653, were improperly patched in September 2018. If it is exploited, a remote attacker would be able to inject and run admin commands on a device without a password…

Xiaomi devices came with a vulnerability baked into their preinstalled security app


A preinstalled mobile security app on Xiaomi left user devices more vulnerable than protected, researchers said. Check Point researchers discovered a vulnerability in Xiaomi phones’ “Guard Provider app” that could expose users to attacks caused by the unsecured nature of network traffic to and from the app and the use of multiple SDKs within the…

VMware issues critical-rated security updates


VMware has issued updates to fix two security issues the company rated as critical, one of which could lead to a remote session hijacking if exploited. The hijacking issue, CVE-2019-5523, is a remote session hijack vulnerability in the Tenant and Provider Portals of VMware vCloud Director for Service Providers. The problem attacker could access…
