TTCSIRT-112.042518: TT-CSIRT Advisory – Apple Security Updates

Apple has released a security update stating that the following vulnerabilities have been discovered in macOS 10.13.4: a) A memory corruption issue, addressed with improved error handling, which may allow an application to gain elevated privileges – CVE-2018-4206 b) A spoofing issue existed in the handling of URLs […]

TTCSIRT-111.042518: TT-CSIRT Advisory – Drupal Security Updates

Drupal has released a security update stating that CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin (which Drupal 8 core also uses). Further information on this vulnerability […]

TTCSIRT-110.041918: TT-CSIRT Advisory – Chrome Security Updates

Google has released a security update stating that multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could result in arbitrary code execution. Details are as follows: 1) Use after free in Disk Cache – (CVE-2018-6085, CVE-2018-6086) 2) Use after free in WebAssembly – (CVE-2018-6087) 3) Use after free in PDFium […]

TTCSIRT-109.041918: TT-CSIRT Advisory – Oracle Security Updates

Oracle has released its Critical Patch Update for April 2018 to address 254 vulnerabilities across multiple products including 1) Enterprise Manager Base Platform, versions 12.1.0.5, 13.2.0.0 2) Enterprise Manager for MySQL Database, version 12.1.0.4 3) Enterprise Manager for Virtualization, version 13.2 4) Enterprise Manager Ops Center, versions 12.2.2, 12.3.3 5) Hardware Management Pack, versions prior […]

TTCSIRT-108.041318: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that multiple vulnerabilities have been discovered in Adobe Flash Player, the most severe of which could allow for remote code execution. Details are as follows: a) A remote code-execution vulnerability that occurs due to a use-after-free condition – (CVE-2018-4932) b) Multiple remote code-execution vulnerabilities that occur due to […]

TTCSIRT-107.041318: TT-CSIRT Advisory – Juniper Security Updates

Juniper Networks has released a series of security updates to address several vulnerabilities in its products. Details are as follows: a) Junos OS – kernel crash upon receipt of crafted CLNP packets (CVE-2018-0016) b) SRX Series – denial-of-service vulnerability in flowd daemon on devices configured with NAT-PT (CVE-2018-0017) c) SRX Series – crafted packet may […]

TTCSIRT-108.040618: TT-CSIRT Advisory – Android Security Updates

Google has released a security update stating that multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution within the context of a privileged process. Details are as follows: a) An elevation of privilege vulnerability in Android runtime – (CVE-2017-13274) b) An arbitrary code vulnerability […]

TTCSIRT-106.040318: TT-CSIRT Advisory – Apple Security Updates

Apple has released a security update stating that multiple vulnerabilities have been discovered in iCloud for Windows, Safari, macOS High Sierra, Sierra, and El Capitan, iTunes, Xcode, tvOS, watchOS and iOS. Details are as follows: 1) A buffer overflow was addressed with improved size validation – (CVE-2018-4144) 2) A command injection issue existed in the […]

TTCSIRT-105.040318: TT-CSIRT Advisory – Drupal Security Updates

Drupal has released a security update stating that a remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially could allow attackers to exploit multiple attack vectors on a Drupal site and result in it being compromised. In addition, depending on the privileges associated with the user, an attacker could […]