Time to update your Apple devices!: Patch Tuesday - Week 3, January 2019

This week, Apple released six security updates to fix various security vulnerabilities in iOS, macOS, watchOS, tvOS, Safari, and iCloud. Adobe also announced an update to address two vulnerabilities plaguing its content management platform, Adobe Experience Manager. Cisco came in hot with over 20 updates to fix vulnerabilities with medium to critical impact across 22 different products.

Adobe

Adobe announced its third update release for the month. The update is for its content management platform, Adobe Experience Manager, which had two major security vulnerabilities. The first is a stored cross-site scripting flaw, CVE-2018-19726, which affects versions 6.4, 6.3, 6.2, 6.1, and 6.0. It is rated ‘important’.

The second is a reflected cross-site scripting flaw, CVE-2018-19727, which affects versions 6.3 and 6.4. It is rated ‘moderate’.

Apple

Apple released six updates this week. The updates fix security loopholes in various products, including:

  • iCloud for Windows 7.10: Fixes vulnerabilities in SQLite and WebKit.
  • Safari 12.0.3: Fixes vulnerabilities in Safari Reader and WebKit.
  • watchOS 5.1.3: Fixes vulnerabilities in AppleKeyStore, Core Media, Core Animation, FaceTime, IOKit, Kernel, Natural Language Processing, and SQLite.
  • tvOS 12.1.2: Fixes vulnerabilities in AppleKeyStore, Core Media, Core Animation, FaceTime, IOKit, Kernel, and libxpc.
  • macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra: Fixes vulnerabilities in AppleKeyStore, Bluetooth, Core Media, Core Animation, Hypervisor, Intel Graphics Driver, FaceTime, IOKit, Kernel, Natural Language Processing, QuartzCore, SQLite, and WebRTC.
  • iOS 12.1.3: Fixes vulnerabilities in AppleKeyStore, Bluetooth, Core Media, Core Animation, Hypervisor, Intel Graphics Driver, FaceTime, IOKit, Kernel, Keyboard, Natural Language Processing, QuartzCore, SQLite, and WebRTC.

Cisco

Cisco released 23 security updates this week for its products. Out of the 23 vulnerabilities, 1 was rated ‘critical’, 12 were rated ‘high’ and 10 were rated ‘medium’. The following vulnerabilities in Cisco products were fixed with the newly released security updates.

  • Cisco SD-WAN Solution Buffer Overflow Vulnerability (critical)
  • Texas Instruments Bluetooth Low Energy Denial of Service and Remote Code Execution Vulnerability
  • Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability
  • Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities
  • Cisco SD-WAN Solution Unauthorized Access Vulnerability
  • Cisco SD-WAN Solution Privilege Escalation Vulnerability
  • Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability
  • Multiple Privilege Escalation Vulnerabilities in Cisco SD-WAN Solution
  • Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
  • Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
  • Cisco Identity Services Engine Privilege Escalation Vulnerability
  • Cisco IoT Field Network Director Resource Exhaustion Denial of Service Vulnerability
  • Cisco Firepower Threat Defense Software Packet Inspection and Enforcement Bypass Vulnerability
  • Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability
  • Cisco AMP Threat Grid API Key Information Disclosure Vulnerability
  • Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability
  • Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerabilities
  • Cisco Webex Meetings Server Cross-Site Scripting Vulnerability
  • Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability
  • Cisco Identity Services Engine Privileged Account Sensitive Information Disclosure Vulnerability
  • Cisco Firepower Management Center Cross-Site Scripting Vulnerability
  • Cisco Prime Infrastructure Cross-Site Scripting Vulnerability
  • Cisco Connected Mobile Experiences Information Disclosure Vulnerability

Cyware Publisher