TTCSIRT-050.100617: TT-CSIRT Advisory – Android Security Updates

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution within the context of a privileged process. Details of these vulnerabilities are as follows: a) An elevation of privilege vulnerability in the Framework – (CVE-2017-0806) b) Three arbitrary code execution vulnerabilities in the Media Framework […]

TTCSIRT-048.092917: TT-CSIRT Advisory – Mozilla Security Updates

Mozilla has confirmed the following vulnerabilities in Firefox and Firefox Extended Support Release (ESR): a) A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window is freed while still in use, resulting in a potentially exploitable crash – (CVE-2017-7793) b) A spoofing vulnerability for Firefox for Android that can […]

TTCSIRT-046.092617: TT-CSIRT Advisory – Apple Security Updates

Multiple vulnerabilities have been discovered in watchOS, iOS, tvOS, Xcode, and Safari. The most severe of these vulnerabilities could allow for arbitrary code execution. Details of these vulnerabilities are as follows: a) An ssh:// URL scheme handling issue was addressed through improved input validation (CVE-2017-1000117) b) Multiple memory corruption issues were addressed with improved memory […]

TTCSIRT-045.092617: TT-CSIRT Advisory – Chrome Security Updates

Multiple vulnerabilities have been discovered in Google Chrome, which could result in arbitrary code execution. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page. Details of the vulnerabilities are as follows: Out-of-bounds access in V8 (CVE-2017-5121, CVE-2017-5122). Successful exploitation of these vulnerabilities could allow an attacker […]

TTCSIRT-043.092117: TT-CSIRT Advisory – CISCO Security Updates

Cisco has released updates to address vulnerabilities affecting the following products: a) Unified Customer Voice Portal Operations Console – a vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. b) Cisco […]

TTCSIRT-042.091417: TT-CSIRT Advisory – Bluetooth Security Updates

A collection of Bluetooth implementation vulnerabilities known as “BlueBorne” has been released. These vulnerabilities collectively affect Windows, iOS, and Linux-kernel-based operating systems including Android and Tizen and may, in the worst case, allow an unauthenticated attacker to execute commands on the device. The following vulnerabilities have been identified in various Bluetooth implementations: 1) CWE-120: Buffer Copy […]

TTCSIRT-041.091417: TT-CSIRT Advisory – Microsoft Security Updates

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for code execution. A full list of all vulnerabilities can be found at https://portal.msrc.microsoft.com/en-us/security-guidance. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the […]