TTCSIRT-135.062618: TT-CSIRT Advisory – Microsoft Security Updates

TTCSIRT-135.062618: TT-CSIRT Advisory – Microsoft Security Updates

Microsoft has released a security update stating that the following vulnerabilities have been discovered within the Oracle Outside In Technology Module being utilized by Microsoft Exchange Server: a) A remote user can exploit a flaw in the Oracle Outside In Technology Outside In Filters component to access data and cause partial denial of service conditions […]

TTCSIRT-134.062018: TT-CSIRT Advisory – macOS Security Updates

Apple has released a security update stating that a vulnerability has been discovered in Xcode for macOS High Sierra where an attacker can bypass security restrictions. This is due to multiple issues existing in versions of git prior to 2.15.2. Further information on this vulnerability and how it can be mitigated can be found at […]

TTCSIRT-133.062018: TT-CSIRT Advisory – Chrome Security Updates

Google has released a security update stating that a vulnerability has been discovered in Google Chrome where an attacker could execute arbitrary code in the browser. This is caused by an out-of-bounds write to arbitrary locations. Successful exploitation could allow the attacker to execute code to install programs; view, change, or delete data; or create […]

TTCSIRT-132.061418: TT-CSIRT Advisory – Bind Security Updates

The Internet Systems Consortium (ISC) has released a security update stating that some versions of BIND could improperly permit recursive queries to unauthorized clients. This could allow an attacker to deduce which queries a server has previously serviced by examining the results from the cache thereby potentially leaking private information about what queries have been […]

TTCSIRT-131.061418: TT-CSIRT Advisory – VMware Security Updates

VMware has released a security update stating that VMware AirWatch Agent for Android and Windows Mobile devices contain a remote code execution vulnerability in real time File Manager capabilities. This may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card […]

TTCSIRT-130.061218: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that a vulnerability has been discovered in Cisco Adaptive Security Appliance (ASA) which could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This is due to lack of proper input validation of the HTTP URL. […]

TTCSIRT-129.061218: TT-CSIRT Advisory – Android Security Updates

Google has released a security update stating that the following vulnerabilities have been discovered in the Android OS: a) Multiple information disclosure vulnerabilities in Framework – (CVE-2017-13227, CVE-2018-9340). b) Multiple elevation of privilege vulnerabilities in Framework – (CVE-2018-9338, CVE-2018-9339). c) Multiple elevation of privilege vulnerabilities in Kernel components – (CVE-2017-17558, CVE-2017-17806, CVE-2017-17807, CVE-2018-9363). d) An […]

TTCSIRT-128.060818: TT-CSIRT Advisory – Mozilla Security Updates

Mozilla has released a security update stating that a vulnerability in the Mozilla Firefox Browser exists where a heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file. This results in a potentially exploitable crash and a remote attacker could exploit these vulnerabilities to take control of […]

TTCSIRT-127.060818: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that Adobe Flash Player is prone to the following vulnerabilities: a) A stack-based buffer overflow that could allow for arbitrary code execution – (CVE-2018-5002). b) A type confusion that could allow for arbitrary code execution – (CVE-2018-4945). c) An integer overflow that could lead to information disclosure – […]

TTCSIRT-126.060418: TT-CSIRT Advisory – Chrome Security Updates

Google has released a security state stating that the following vulnerabilities have been discovered in Google Chrome: a) Heap buffer overflow in Skia – (CVE-2018-6141, CVE-2018-6126) b) Incorrect escaping of MathML in Blink – (CVE-2018-6145) c) Incorrect mutability protection in WebAssembly – (CVE-2018-6131) d) Leak of visited status of page in Blink – (CVE-2018-6137) e) […]