TTCSIRT-192.010419: TT-CSIRT Advisory – Adobe Security Updates

TTCSIRT-192.010419: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that the following issues have been discovered in Adobe Acrobat & Reader: a) Multiple security bypass privilege escalation – (CVE-2018-16018). b) Multiple use after free arbitrary code execution (CVE-2018-16011). Successful exploitation of these vulnerabilities could result in the attacker gaining control of the affected system and depending on […]

TTCSIRT-190.122718: TT-CSIRT Advisory – Chrome Security Updates

Google has released a security update stating that an use-after-free issue in PDFium could allow for arbitrary code execution (CVE-2018-17481). Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code through the browser and depending on the privileges associated with the application, an attacker could install programs view, change, delete data or […]

TTCSIRT-189.121318: TT-CSIRT Advisory – Mozilla Security Updates

Mozilla has released a security update stating that it has discovered the following issues with Microsoft FireFox ver 64.0: a) A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. b) A use-after-free vulnerability can occur after deleting a selection element […]

TTCSIRT-186.120518: TT-CSIRT Advisory – Android Security Updates

Google has released a security update stating that the following issues have been discovered in the Android OS: a) Elevation of privilege vulnerability in Framework – (CVE-2018-9547). b) Information disclosure vulnerability in Framework – (CVE-2018-9548). c) Multiple arbitrary code execution in System – (CVE-2018-9555, CVE-2018-9556). d) Multiple vulnerabilities in Qualcomm components – (CVE-2018-11960, CVE-2018-11961, CVE-2018-11963). […]

TTCSIRT-185.112718: TT-CSIRT Advisory – Samba Security Updates

Samba Team has released a security update stating that all versions of Samba from ver 4.0.0 onwards are vulnerable to infinite query recursions caused by CNAME loops. Attackers can exploit this vulnerability by adding and removing Domain Name Service (DNS) Records by using the ldbadd tool. Further information on this vulnerability and how it can […]

TTCSIRT-184.112718: TT-CSIRT Advisory – VMware Security Updates

VMware has released a security update stating that VMware Workstation and Fusion contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host. Further information on this vulnerability and how it can be mitigated can be found on the VMware Website at https://www.vmware.com/security/advisories/VMSA-2018-0030.html

TTCSIRT-183.112118: TT-CSIRT Advisory – Chrome Security Updates

Google has released a security update stating that a vulnerability has been discovered in Google Chrome which could allow for arbitrary code execution. This vulnerability is caused by a use-after-free flaw in GPU (CVE-2018-17479). Further information on this vulnerability and how it can be mitigated can be found on the Google Website at https://chromereleases.googleblog.com/2018/11/stable-channel-update-for-desktop_19.html