Patch | SC Media

Patch

Mozilla’s latest Firefox releases fix 21 bugs

The Mozilla Foundation yesterday released version 68 of its Firefox browser and version 60.8 of Firefox Extended Support Release (ESR), and in doing so patched 21 vulnerabilities between them, two of them critical. The two most serious flaws consisted of a series of memory bugs found by the browser’s developers and the greater Mozilla community. The first set of…

On Patch Tuesday, Microsoft unveils fix for critical Windows flaw 'JASBUG'

Microsoft Patch Tuesday addresses two actively exploited zero-days

Microsoft’s July 2019 Patch Tuesday included updates for 77 vulnerabilities, including two actively exploited zero-days and five publicly disclosed vulnerabilities. One of the zero-days, CVE-2019-1132, a privilege escalation vulnerability in the Win32k component, was actively exploited as part of the attack chain by a group of Russian state-funded hackers.  If exploited, this bug could allow…

Adobe’s July Patch Tuesday includes Bridge CC, Experience Manager, Dreamweaver fixes

Adobe’s July 2019 Patch Tuesday included updates for its Adobe Bridge CC , Adobe Experience Manager and Adobe Dreamweaver products. The updates for Experience Manager patched three vulnerabilities, while Bridge and Dreamweaver updates each have one, none of which are labeled as “critical,” and the highest rated vulnerability for each software is rated “important,” according…

patch flaw vulnerability

Cisco releases updates for 10 high-rated vulnerabilities

Cisco released security updates to address vulnerabilities in multiple products that could allow an attacker to take control of an affected system. The updates include patches to 10 flaws rated “high,” including four denial of service (DoS) bugs involving a Web Security Appliance HTTPS Certificate, a Small Business Series Switches HTTP, a Web Security Appliance…

VMware advisory warns users to patch critical issue in product

VMware begins patching process for Linux SACK vulnerabilities

VMware is instructing users to be on the lookout for software patches for 31 products that are affected by two vulnerabilities associated with the Linux kernel implementation of TCP Selective Acknowledgement (SACK). The two flaws, SACK Panic (CVE-2019-11477) and SACK Excess Resource Usage (CVE-2019-11478), were originally found and disclosed by Netflix researchers, along with two…

Cisco releases security updates for Data Center Network Manager

Cisco released security updates for Data Center Network Manager to address several vulnerabilities that could allow a remote attacker to take over an affected system. Two of the vulnerabilities are rated critical and include an Arbitrary File Upload and Remote Code Execution vulnerability and an Authentication Bypass vulnerability, according to a June 26 US Cert…

Dell SupportAssist bug leaves millions of PCs vulnerable

A vulnerability in Dell’s SupportAssist software, a software designed to protect users from vulnerabilities, has left millions of PCs vulnerable to remote takeover.  SafeBreach security researchers discovered the high-severity vulnerability (CVE-2019-12280) which stems from a component in SupportAssist, which checks the health of system hardware and software and requires high permissions, according to a June…

Cisco announced 26 vulnerabilities in over the last two days, three critical

Cisco announced 26 vulnerabilities in over the last two days, including two critical flaws affecting core equipment that could grant attackers an avenue into networks. The vulnerabilities CVE-2019-1625 and CVE-2019-1848  were a Cisco SD-WAN Solution privilege escalation vulnerability and a Cisco DNA Center authentication bypass vulnerability, respectively. The privilege escalation vulnerability, CVE-2019-1625,  is caused by…

Script fails, thousands of Mozilla developer emails and passwords possibly exposed

Firefox updates address takeover vulnerability

Mozilla released security updates to address a vulnerability in Firefox and Firefox ESR that could allow attackers to take control of an affected system. The vulnerability is rated critical and is actively being exploited in the wild. Mozilla called it “a type confusion vulnerability” that occurs when manipulating JavaScript objects due to issues in Array.pop.…

Next post in Security News