Apple has released software updates that patch multiple vulnerabilities in iCloud for Windows 10. The updates address a slew of memory corruption issues in the software's WebKit component, which could allow an attacker to achieve arbitrary code execution (ACE) on the system. They also resolve an out-of-bounds read, an input validation issue and a memory corruption issue in the bundled SQLite component. Users of iCloud for Windows 10 are advised to apply the update promptly.
Cisco has published 25 advisories that address a host of vulnerabilities affecting its products. Among the flaws disclosed, two were rated critical, seven were rated high and the rest were medium-impact vulnerabilities. The critical flaws are a privilege escalation vulnerability (CVE-2019-1625) in Cisco SD-WAN Solution and an authentication bypass flaw (CVE-2019-1848) in Cisco Digital Network Architecture.
Products such as Cisco StarOS, Cisco TelePresence, and the Cisco RV110W, RV130W and RV215W routers contained high-impact flaws, which are fixed in software updates. The majority of the medium-impact flaws, found in a number of enterprise products, have likewise been remedied; these include denial-of-service (DoS), information disclosure (ID) and cross-site scripting (XSS) issues, among others.
Mozilla has announced the latest versions of Firefox and Firefox ESR. In Firefox 67.0.3 and Firefox ESR 60.7.1, Mozilla fixed a critical type confusion vulnerability (CVE-2019-11707) present in earlier versions of both browsers. This flaw was known to be actively exploited by attackers to compromise systems with remote code execution (RCE) through the browser. Firefox users are advised to upgrade to these new versions.
This week, Red Hat released software updates to fix multiple vulnerabilities identified in its Enterprise Linux (RHEL) range of products and in its JBoss middleware. These updates remediate major issues that could lead to DoS, privilege escalation, ACE, and others. Most importantly, the updates address the recently disclosed vulnerabilities in the TCP Selective Acknowledgment (SACK) handling of the Linux kernel.
Patched products include RHEL Server, RHEL Desktop, RHEL Workstation and RHEL for Power. A complete list of products which received updates can be found here.
Following Red Hat, Ubuntu has also released software updates to remediate the SACK vulnerabilities (CVE-2019-11478, CVE-2019-11477), which could be exploited to carry out a DoS attack. The flaws affected Linux kernels built for platforms such as Amazon Web Services (AWS), Google Cloud Platform (GCP), Raspberry Pi 2 and Snapdragon processors, among others. Fixes are available for Ubuntu 19.04, 18.10, 18.04 LTS, 16.04 LTS, 14.04 ESM, and 12.04 ESM.