TTCSIRT-118.051418: TT-CSIRT Advisory – Mozilla Security Updates

Mozilla has released a security update stating that the following vulnerabilities have been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR): a) A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension […]

TTCSIRT-117.051418: TT-CSIRT Advisory – Chrome Security Updates

Google has released a security update stating that the following vulnerabilities have been discovered in Google Chrome: a) Heap buffer overflow in PDFium – (CVE-2018-6120) b) Privilege escalation in extensions – (CVE-2018-6121) c) Type confusion in V8 – (CVE-2018-6122) d) Chain leading to sandbox escape. Successful exploitation of the most severe of these vulnerabilities could […]

TTCSIRT-116.050918: TT-CSIRT Advisory – Microsoft Security Updates

Microsoft has released a security update stating that vulnerabilities have been found in several of its products which could allow for remote code execution. Products affected include: 1) Microsoft Windows 7, 8, RT 8.1, and 10 2) Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016 3) Microsoft Windows Server Core Installation 2008, 2008 […]

TTCSIRT-115.050918: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that a vulnerability has been discovered in Adobe Flash Player which could allow for arbitrary code execution due to a type confusion error. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. […]

TTCSIRT-114.050318: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that a vulnerability has been discovered in Cisco Adaptive Security Appliance (ASA) which could allow an unauthenticated, remote attacker to establish a Secure Sockets Layer (SSL) Virtual Private Network (VPN) connection to the device and bypass certain SSL certificate verification steps. The vulnerability is due to incorrect […]

TTCSIRT-113.050318: TT-CSIRT Advisory – Microsoft Security Updates

Microsoft has released a security update stating that a remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image. Exploitation occurs when an attacker places malicious code in a specially crafted container image which, if an authenticated administrator imported (pulled), could […]

TTCSIRT-112.042518: TT-CSIRT Advisory – Apple Security Updates

Apple has released a security update stating that the following vulnerabilities have been discovered in macOS 10.13.4: a) A memory corruption issue, addressed with improved error handling, which could allow an application to gain elevated privileges – CVE-2018-4206 b) A spoofing issue existed in the handling of URLs […]

TTCSIRT-111.042518: TT-CSIRT Advisory – Drupal Security Updates

Drupal has released a security update stating that CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin (which Drupal 8 core also uses). Further information on this vulnerability […]

TTCSIRT-110.041918: TT-CSIRT Advisory – Chrome Security Updates

Google has released a security update stating that multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could result in arbitrary code execution. Details are as follows: 1) Use after free in Disk Cache – (CVE-2018-6085, CVE-2018-6086) 2) Use after free in WebAssembly – (CVE-2018-6087) 3) Use after free in PDFium […]

TTCSIRT-109.041918: TT-CSIRT Advisory – Oracle Security Updates

Oracle has released its Critical Patch Update for April 2018 to address 254 vulnerabilities across multiple products, including: 1) Enterprise Manager Base Platform, versions 12.1.0.5, 13.2.0.0 2) Enterprise Manager for MySQL Database, version 12.1.0.4 3) Enterprise Manager for Virtualization, version 13.2 4) Enterprise Manager Ops Center, versions 12.2.2, 12.3.3 5) Hardware Management Pack, versions prior […]