Users have been informed that the latest update includes three security fixes, including for a data exposure flaw related to the REST API, and a cross-site scripting (XSS) issue in the block editor. WordPress 5.8.1 also updates Lodash, a JavaScript library that provides utility functions for common programming tasks, to address security issues. These vulnerabilities…

Cisco Patches Critical Code Execution Flaw in Security Appliances

Cisco informed customers on Monday that updates released for its Adaptive Security Appliance (ASA) software patch a critical vulnerability that can be exploited to gain full control of devices or cause them to reload. The security hole, tracked as CVE-2018-0101 and assigned a CVSS score of 10, allows a remote and unauthenticated attacker to execute arbitrary code…

Android’s December 2017 Patches Resolve Critical Flaws

The December 2017 Android security patches that Google released this week resolve 47 vulnerabilities, including 10 rated Critical severity. The patches affect a variety of platform components and were split into two packages, or security patch levels, as Google calls them. The first addresses 19 vulnerabilities while the second resolves 28 issues.

macOS High Sierra Update Patches Keychain Access Flaw

An update released on Thursday by Apple for its macOS High Sierra operating system patches two vulnerabilities, including one that allows malicious applications to steal passwords from the Keychain. The Keychain flaw, tracked as CVE-2017-7150, was disclosed last week by Patrick Wardle, director of research at Synack. Apple has now addressed the issue with the release of High…

Google Discloses Critical Wi-Fi Flaws Affecting iOS, Android

Google Project Zero has disclosed the details of two critical remote code execution vulnerabilities affecting the Broadcom Wi-Fi chips found in many Android and iOS devices. The flaws, identified as CVE-2017-11120 and CVE-2017-11121, were patched in Android on September 5 with this month’s security updates and in iOS on September 19 with the release of…

iOS 11 Patches 8 Security Vulnerabilities

Apple this week announced the availability of 8 security patches for its iPhone 5s and later, iPad Air and later, and iPod touch 6th generation users, released as part of the iOS 11 platform upgrade. The bugs affect 7 platform components, namely Exchange ActiveSync, iBooks, Mail MessageUI, Messages, MobileBackup, Safari, and WebKit. Exploitation of these…

Google Patches 81 Android Vulnerabilities With September 2017 Updates

A total of 81 security vulnerabilities have been addressed in this month’s set of security patches for the Android platform. 13 of the flaws were rated Critical severity. The security bulletin has two security patch levels, each focused on addressing vulnerabilities in specific components. The 2017-09-01 security patch level fixes a total of 30 vulnerabilities, 10 of…

Google Patches Critical Vulnerabilities in Android

Google on Wednesday announced that a total of 138 vulnerabilities were addressed in the Android platform with the release of this month’s set of security patches. The July 2017 Android Security Bulletin was split into two partial security patch level strings: the 2017-07-01 security patch level that addresses issues in the platform itself, and the 2017-07-05 security patch…

Configuration Error Embarrasses UK’s Cyber Essentials

The UK government’s Cyber Essentials scheme has suffered an embarrassing incident, but one that can hardly be called a breach and certainly not a cyber-attack. A configuration error in the underlying software platform exposed the email addresses of consultancies registered with the scheme — nothing more. Cyber Essentials is a UK government-backed certification scheme designed…