TTCSIRT-148.072418: TT-CSIRT Advisory – Bluetooth Security Updates

TTCSIRT-148.072418: TT-CSIRT Advisory – Bluetooth Security Updates

CERT has released a security update stating that Bluetooth firmware or operating system software drivers may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange. This may allow an unauthenticated, remote attacker to be able to utilize a man-in-the-middle network position to determine the cryptographic keys used by […]

TTCSIRT-146.072018: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that it has found an issue in the Cluster Manager of Cisco Policy Suite which could allow an unauthenticated, remote attacker to log in to an affected system using the root account which has default, static user credentials. The vulnerability is due to the presence of undocumented, static […]

TTCSIRT-145.072018: TT-CSIRT Advisory – Photoline Security Updates

Talos has released a security update stating that it has found the following issues in Computerinsel Photoline which is an image-processing tool used to modify and edit images as well as other graphic-related material: a) A specially crafted PSD document processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. b) An […]

TTCSIRT-144.071618: TT-CSIRT Advisory – Apple Security Updates

Apple has released a security update stating that the following vulnerabilities have been discovered in iTunes, iCloud for Windows, Safari, macOS High Sierra, Sierra, and El Capitan, watchOS, tvOS, and iOS: a) A cookie management issue was addressed with improved checks – (CVE-2018-4293). b) A denial of service issue was addressed with improved memory handling […]

TTCSIRT-143.071618: TT-CSIRT Advisory – Microsoft Security Updates

Microsoft has released a security update stating that multiple vulnerabilities have been discovered in the following products: a) Microsoft Windows 7, 8.1, RT 8.1, and 10 b) Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016 c) Microsoft Windows Server Core Installation 2008, 2008 R2, 2012, 2012 R2, 2016 d) Microsoft Office 2010, 2013, […]

TTCSIRT-142.071218: TT-CSIRT Advisory – DHCP Security Updates

The Internet Systems Consortium (ISC) has released a security update stating that Kea DHCP 1.4.0 may fail to release memory after temporarily storing client network packets. This causes a constant increase in memory consumption that can cause server resources to become exhausted, leading to loss of DHCP server functionality. An attacker who is within the […]

TTCSIRT-141.071218: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that it has discovered the following issues in Adobe Flash Player: a) A type confusion vulnerability that could allow for arbitrary code execution – (CVE-2018-5007). b) An out-of-bounds read vulnerability that could lead to information disclosure – (CVE-2018-5008). Successful exploitation of the most severe of these vulnerabilities could […]

TTCSIRT-140.070618: TT-CSIRT Advisory – Android Security Updates

Google has released a security update stating that the following issues have been discovered in the Android OS: a) A remote code execution vulnerability in Framework – (CVE-2018-9433). b) Multiple remote code execution vulnerabilities in Qualcomm components – (CVE-2018-3586, CVE-2018-5872). c) A remote code execution vulnerability in System – (CVE-2018-9365). d) An information disclosure vulnerability […]

TTCSIRT-139.070618: TT-CSIRT Advisory – VMware Security Updates

VMware has released a security update stating that ESXi, Workstation, and Fusion contain an out-of-bounds read vulnerability in their shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs. Further information on this vulnerability and how it can be mitigated can […]