Daily Archives: June 23, 2023

News

Friday Squid Blogging: Giggling Squid

Read Time:12 Second

Giggling Squid is a Thai chain in the UK.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Read More

News

Public exploit is now available for Cisco AnyConnect VPN client

Read Time:32 Second

An easy-to-use exploit was publicly released this week for a patched vulnerability that affects the widely used Cisco AnyConnect Secure Mobility Client and Cisco Secure Client applications for Windows. Attackers could leverage the exploit to elevate their privileges on a victim’s system and take full control of it.

Cisco Secure Client for Windows, previously known as Cisco AnyConnect Secure Mobility Client before version 5.0, is an application that integrates with multiple Cisco endpoint security and management platforms and technologies including its AnyConnect VPN and zero-trust network access (ZTNA) platform, which is popular with enterprises.

To read this article in full, please click here

Read More

Advisories

CVE-2022-42860

Read Time:13 Second

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1, macOS Ventura 13. An app may be able to modify protected parts of the file system

Read More

Advisories

CVE-2022-42834

Read Time:14 Second

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression

Read More

Advisories

CVE-2022-42807

Read Time:10 Second

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key

Read More

Advisories

CVE-2022-42792

Read Time:9 Second

This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information

Read More

Advisories

CVE-2022-22630

Read Time:13 Second

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution

Read More

Advisories

Multiple Vulnerabilities in Fortinet FortiNAC Could Allow for Arbitrary Code Execution

Read Time:38 Second

Multiple vulnerabilities have been discovered in Fortinet FortiNAC, the most severe of which could allow for arbitrary code execution. FortiNAC is a network access control solution offered by Fortinet that manages network-wide access policies, gains visibility of devices and users, and secures the network against unauthorized access and threats. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected service account. Depending on the privileges associated with the service account an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More