Read Time:7 Second
FEDORA-2022-de4b7dac58
Packages in this update:
java-latest-openjdk-19.0.1.0.10-1.rolling.fc36
Update description:
October CPU
Daily Archives: October 31, 2022
java-latest-openjdk-19.0.0.0.36-4.rolling.fc35
Read Time:7 Second
FEDORA-2022-ef4cb602ab
Packages in this update:
java-latest-openjdk-19.0.0.0.36-4.rolling.fc35
Update description:
October CPU
java-latest-openjdk-19.0.1.0.10-1.rolling.el8
Read Time:7 Second
FEDORA-EPEL-2022-95ca32e505
Packages in this update:
java-latest-openjdk-19.0.1.0.10-1.rolling.el8
Update description:
October CPU
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Read Time:53 Second
Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.
Safari is a graphical web browser developed by Apple.
macOS Ventura is the 19th and current major release of macOS
macOS Monterey is the 18th and release of macOS.
macOS Big Sur is the 17th release of macOS.
iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
tvOS is an operating system for fourth-generation Apple TV digital media player.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Top Ghoulish Cybersecurity Practices Haunting IT Pros
Read Time:6 Second
Here are the top “ghoulish” cybersecurity practices that will turn any IT professional on any team into a chattering skeleton. […]
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Read Time:32 Second
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
CVE-2020-21016
Read Time:7 Second
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php.
Hackers Target Australian Defense Communications Platform With Ransomware
Read Time:5 Second
The firm is one of the defense department’s external providers employed to run one of its websites
CVE-2021-40661 (ind780_firmware)
Read Time:34 Second
A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label ‘IND780_8.0.07’), Version 7.2.10 June 18, 2012 (SS Label ‘IND780_7.2.10’). It was possible to traverse the folders of the affected host by providing a traversal path to the ‘webpage’ parameter in AutoCE.ini This could allow a remote unauthenticated adversary to access additional files on the affected system. This could also allow the adversary to perform further enumeration against the affected host to identify the versions of the systems in use, in order to launch further attacks in future.
Apple Only Commits to Patching Latest OS Version
Read Time:54 Second
People have suspected this for a while, but Apple has made it official. It only commits to fully patching the latest version of its OS, even though it claims to support older versions.
From ArsTechnica:
In other words, while Apple will provide security-related updates for older versions of its operating systems, only the most recent upgrades will receive updates for every security problem Apple knows about. Apple currently provides security updates to macOS 11 Big Sur and macOS 12 Monterey alongside the newly released macOS Ventura, and in the past, it has released security updates for older iOS versions for devices that can’t install the latest upgrades.
This confirms something that independent security researchers have been aware of for a while but that Apple hasn’t publicly articulated before. Intego Chief Security Analyst Joshua Long has tracked the CVEs patched by different macOS and iOS updates for years and generally found that bugs patched in the newest OS versions can go months before being patched in older (but still ostensibly “supported”) versions, when they’re patched at all.