PATCH WATCH: (This premium content appeared in the Sept. 30 issue of Inside Security.)
- Cisco patched a high-severity bug in its Cisco Aironet Access Points software that could enable an attacker to launch a denial-of-service attack against a vulnerable system. The flaw is due to insufficient input validation in the software's Ethernet packet handling.
- IBM patched a number of flaws in its products, including six high-severity bugs. The updates included a fix for a high-severity bug in the WebSphere Application Server for its IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise products.
- MB Connect line patched four vulnerabilities in its mymbCONNECT24 and mbCONNECT24 products that could enable an attacker to gain access to confidential information or carry out a remote code execution attack.
- Red Hat fixed several bugs in the kernel packages for Red Hat Enterprise Linux 7, which could enable a remote attacker to carry out denial-of-service and elevation-of-privileges attacks.
- Synopsys warned about authentication bypass vulnerabilities in chipsets of wireless routers made by Qualcomm, MediaTek, and Realtek. MediaTek and Realtek said they will send out patches upon request. Qualcomm said that the vulnerable chipsets have been discontinued and that currently supported chipsets are not affected by the flaw.
- Yokogawa fixed a vulnerability in its WideField3 tool for programming FA-M3 PLCs that could enable an attacker to terminate the program unexpectedly.
As previously reported in Inside Security:
- Apple patched vulnerabilities in macOS that could enable an attacker to carry out a remote code execution (RCE), security restriction bypass, or information disclosure attack.
- Facebook patched a critical bug in the Instagram mobile app that could enable an attacker to spy on victims.
- Google fixed a privilege escalation bug in OS Config, a Google Cloud Platform service for Compute Engine that manages operating systems running on virtual machine (VM) instances.
- Twitter patched a bug that could have led to the disclosure of developer information, such as application programming interface (API) keys and user access tokens.