loader gif

Kill the security bugs by updating your Android devices: Patch Tuesday - Week 1, April 2019

boardroom,book,business,change,communication,computer,conference,corporate,daily,device,digital,electronic,inform,information,interface,internet,journalism,laptop,latest,meeting,mobile,mobility,modern,monitor,network,new,no,notebook,office,online,people,press,publication,report,software,technology,update,updated,updating,upgrade,web,webpage,website,wood,wooden,workplace,workspace

Apple

Apple released a follow-on security update for macOS Sierra and High Sierra users to fix certain security issues that were not rectified in the previous update. Mac users with these versions are advised to update to the following builds:

  • 17G6030 for macOS High Sierra version 10.13
  • 16G1918 for macOS Sierra version 10.12

The company has also released another major security update for watchOS present in Apple Watch Series 1 and later variants. Security flaws were primarily in the kernel of watchOS 5.2 and included critical ones such as privilege escalation, memory corruption, and information disclosure flaws. Flaws in CoreCrypto, Contacts, Messages and other applications were also patched.

Google

The monthly security update for April fixes a host of high and critical severity vulnerabilities found in various components and services in the Android ecosystem. Vulnerabilities include the serious remote code execution (RCE) flaw, privilege escalation, information disclosure, and denial-of-service flaws. The most affected version was Android 7.0 and its variants -- 7.1.1 and 7.1.2.

Qualcomm components, which are used in most of the Android devices, also had more than 70 bugs which were patched in this update. Therefore, Android users are suggested to update to the latest version provided by the device manufacturer. These will available anytime soon.

More details on the vulnerabilities can be found here.

Ubuntu

For this week, Ubuntu has released patches to fix multiple security vulnerabilities found in Linux kernels. In addition, Ubuntu also remedied the flaws found in Firebird and Dovecot applications. The following are the security bulletins published by Ubuntu.

VMware

VMware has published two major updates last week to address different security flaws in its products. The flaws were deemed critical by the company. Products include VMware ESXi, Workstation, Fusion, and vCloud Director. Following are the advisories released by VMware with updates.

  • VMSA-2019-0005: VMware ESXi (versions 6.7, 6.5, and 6.0), Workstation (versions 15.x and 14.x) and Fusion (11.x and 10.x) had out-of-bounds read/write vulnerabilities that could allow RCE.
  • VMSA-2019-0004: A critical remote session hijacking flaw was affecting vCloud Director (versions 9.7.x, 9.5.x, 9.1.x and 9.0.x). Attackers could impersonate users by exploiting this flaw.
loader gif