Citrix has released patches for an actively exploited zero-day vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway. Tracked as CVE-2022-27518, this critical vulnerability could allow arbitrary code execution on the vulnerable system on successful exploitation. Citrix states in the blog, “We are aware of a small number of targeted attacks in the … Continue reading “Citrix Application Delivery Controller (ADC) and Citrix Gateway Arbitrary Code Execution Vulnerability (CVE-2022-27518)”
Apple Patches Actively Exploited Zero-day Vulnerability in iOS and iPadOS (CVE-2022-42856)
Apple has released an update to address an actively exploited zero-day vulnerability in WebKit. Tracked as CVE-2022-42856, this is a type confusion vulnerability that could allow arbitrary code execution on a vulnerable device. Clément Lecigne of Google’s Threat Analysis Group has discovered this vulnerability. The advisory says, “This issue may have been actively exploited … Continue reading “Apple Patches Actively Exploited Zero-day Vulnerability in iOS and iPadOS (CVE-2022-42856)”
The December 2022 Patch Tuesday Security Update Review
Welcome to the final second Tuesday of the year. As expected, Microsoft and Adobe have released their latest security updates and fixes. Take a break from your holiday preparations and join us as we review the details of the latest security patches. Microsoft Patches for December 2022 In this month’s Patch Tuesday, Microsoft released 52 … Continue reading “The December 2022 Patch Tuesday Security Update Review”
Fortinet Patches an Actively Exploited Pre-authentication Remote Code Execution Vulnerability in FortiOS SSL-VPN (CVE-2022-42475)
Fortinet has released patches for an actively exploited pre-authentication remote code execution vulnerability in FortiOS SSL-VPN. Tracked as CVE-2022-42475, it is a critical vulnerability with a CVSSv3 score of 9.8. On successful exploitation, this vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on the target system. The advisory states, “Fortinet is … Continue reading “Fortinet Patches an Actively Exploited Pre-authentication Remote Code Execution Vulnerability in FortiOS SSL-VPN (CVE-2022-42475)”
ForgeRock Access Management and OpenAM Critical Remote Code Execution Vulnerability (CVE-2021-35464)
There is an active exploitation of a pre-authorization remote code execution vulnerability in the popular Access Management platform from digital identity management firm ForgeRock. Tracked as CVE-2021-35464, the vulnerability has given a critical severity. Cybersecurity and Infrastructure Security Agency (CISA) has also acknowledged the active exploitation of this vulnerability. OpenAM is an access management tool … Continue reading “ForgeRock Access Management and OpenAM Critical Remote Code Execution Vulnerability (CVE-2021-35464)”
Google Releases Emergency Update to Fix Actively Exploited Zero-day Vulnerability in its Chrome Browser (CVE-2022-4262)
Chrome has released security updates for Windows, Mac, and Linux to fix the zero-day vulnerability. Tracked as CVE-2022-4262, it is a type confusion vulnerability in the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group has reported this vulnerability. Google has acknowledged the active exploitation of this vulnerability in the wild. … Continue reading “Google Releases Emergency Update to Fix Actively Exploited Zero-day Vulnerability in its Chrome Browser (CVE-2022-4262)”
CISA Added a Critical Oracle Access Manager Vulnerability in its Known Exploited Vulnerability Catalog (CVE-2021-35587)
CISA has warned security agencies to patch an actively exploited vulnerability in Oracle Access Manager by adding it to its Known Exploited Vulnerabilities Catalog. Tracked as CVE-2021-35587, it is a pre-authentication remote code execution vulnerability in the Oracle Access Manager (OAM). Oracle has rated this vulnerability as critical and provided a CVSS base score of … Continue reading “CISA Added a Critical Oracle Access Manager Vulnerability in its Known Exploited Vulnerability Catalog (CVE-2021-35587)”
Qualys Threat Research Unit (TRU) Discloses Snap Confine Race Condition Vulnerability (CVE-2022-3328)
The Qualys Threat Research Unit (TRU) has discovered a new vulnerability in the snap-confine function on Linux operating systems (CVE-2022-3328). This is a SUID-root program installed by default on Ubuntu. Qualys recommends applying the patch immediately. In February 2022, Qualys Threat Research Unit (TRU) published CVE-2021-44731 in the “Lemmings” Advisory. The vulnerability (CVE-2022-3328) originated … Continue reading “Qualys Threat Research Unit (TRU) Discloses Snap Confine Race Condition Vulnerability (CVE-2022-3328)”
Google Releases New Stable Chanel 108 Addressing Multiple Vulnerabilities in Chrome
Google has released Chrome 108 to the stable channel for Windows, Mac, and Linux addressing multiple vulnerabilities in the browser. In the advisory published on Nov 29, 2022, Google mentions, “The updates will roll out over the coming days/weeks.” The security fix addresses 28 vulnerabilities with severity ranging from high to medium. The advisory … Continue reading “Google Releases New Stable Chanel 108 Addressing Multiple Vulnerabilities in Chrome”
Google Releases Patch for an Actively Exploited Zero-day Vulnerability in its Chrome Browser (CVE-2022-4135)
Google has released an update for Chrome browser on Windows, Mac, and Linux to address a high-severity zero-day vulnerability (CVE-2022-4135). The vulnerability was discovered by Clement Lecigne of Google’s Threat Analysis Group. “Google is aware that an exploit for CVE-2022-4135 exists in the wild.”, says the advisory released by Google on November 24, 2022. … Continue reading “Google Releases Patch for an Actively Exploited Zero-day Vulnerability in its Chrome Browser (CVE-2022-4135)”
