TTCSIRT-052.101117: TT-CSIRT Advisory – Microsoft Security Updates

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; […]

TTCSIRT-051.101117: TT-CSIRT Advisory – NetGear Security Updates

Multiple vulnerabilities have been discovered in Netgear products, the most severe of which could allow for arbitrary code execution. Netgear is a manufacturer of networked devices such as Network Attached Storage (NAS), routers, switches, cable and DSL modems, and video cameras. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to […]

TTCSIRT-050.100617: TT-CSIRT Advisory – Android Security Updates

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution within the context of a privileged process. Details of these vulnerabilities are as follows: a) An elevation of privilege vulnerability in the Framework – (CVE-2017-0806) b) Three arbitrary code execution vulnerabilities in the Media Framework […]

TTCSIRT-048.092917: TT-CSIRT Advisory – Mozilla Security Updates

Mozilla has confirmed the following vulnerabilities in Firefox and Firefox Extended Support Release (ESR): a) A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window is freed while still in use, resulting in a potentially exploitable crash – (CVE-2017-7793) b) A spoofing vulnerability for Firefox for Android, that can […]

TTCSIRT-046.092617: TT-CSIRT Advisory – Apple Security Updates

Multiple vulnerabilities have been discovered in watchOS, iOS, tvOS, Xcode, and Safari. The most severe of these vulnerabilities could allow for arbitrary code execution. Details of these vulnerabilities are as follows: a) An ssh:// URL scheme handling issue was addressed through improved input validation (CVE-2017-1000117) b) Multiple memory corruption issues were addressed with improved memory […]

TTCSIRT-045.092617: TT-CSIRT Advisory – Chrome Security Updates

Multiple vulnerabilities have been discovered in Google Chrome, which could result in arbitrary code execution. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page. Details of the vulnerabilities are as follows: Out-of-bounds access in V8. (CVE-2017-5121, CVE-2017-5122) Successful exploitation of these vulnerabilities could allow an attacker […]

TTCSIRT-043.092117: TT-CSIRT Advisory – CISCO Security Updates

Cisco has released updates to address vulnerabilities affecting the following products: a) Unified Customer Voice Portal Operations Console – a vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. b) Cisco […]