The researcher Ralf-Phillip Weinmann , managing director at security firm Comsecuris , has disclosed Vulnerability-related.DiscoverVulnerability a zero-day baseband vulnerability affecting Vulnerability-related.DiscoverVulnerability Huawei smartphones , laptop WWAN modules , and IoT components . Baseband is firmware used on smartphones to connect to cellular networks , to make voice calls , and transmit data . An attacker can exploit baseband flaws to eavesdrop Attack.Databreach mobile communications , take over the device making calls and sending SMS messages to premium numbers or to exfiltrate Attack.Databreach data . The expert revealed Vulnerability-related.DiscoverVulnerability the flaw this week at the Infiltrate Conference , the vulnerability could be exploited Vulnerability-related.DiscoverVulnerability by attackers to execute a memory-corruption attack against affected devices over the air . Fortunately , the attack is quite difficult to conduct . The baseband vulnerability resides in Vulnerability-related.DiscoverVulnerability the HiSilicon Balong integrated 4G LTE modems . The Balong application processor is called Kirin , it is produced by the Hisilicon Technologies , a subsidiary of Huawei Technologies . The affected firmware is present in several Huawei Honor smartphones , including the P10 , Huawei Mate 9 , Honor 9 , 7 , 5c and 6 . Weinmann believes that millions of Honor smartphones could be exposed to the to attack . Weinmann presented Vulnerability-related.DiscoverVulnerability multiple baseband vulnerabilities found in Vulnerability-related.DiscoverVulnerability the Kirin application processor . The expert also revealed that many laptops produced by IT vendors leverage the HiSilicon Balong integrated modem , such as a number IoT devices . “ This baseband is much easier to exploit than other basebands . Why ? I ’ m not sure if this was intentional , but the vendor actually published the source code for the baseband which is unusual , ” Weinmann said . “ Also , the malleability of this baseband implantation doesn ’ t just make it good for device experimenting , but also network testing. ” Weinmann speculates HiSilicon may have wrong released the Kirin source code as part of a developer tar archive associated with the Huawei H60 Linux kernel data . Weinmann demonstrated several attack scenarios against mobile phones . A first attack scenario presented by the researcher involves setting up a bogus base station using open-source software called OpenLTE that is used by an attacker to simulate a network operator . The attacker can send specially crafted packets over the air that trigger a stack buffer overflow in the LTE stack causing the phone crashing . Once the phone rebooted an attacker can gain persistence installing a rootkit . In a second attack scenario , the attacker with a physical access to the phone and private key pair data would install malicious tools on the firmware . “ It requires key material that is stored both by the carrier and on the SIM card in order to pass the mutual authentication between the phone and the network . Without this key material , a base station can not pose as a legit network towards the device. ” Weinmann used for its test his own VxWorks build environment using an evaluation version of VxWorks 7.0 that shipped with Intel Galileo several years ago . The expert explained that the existence of a Lua scripting interpreter running in the baseband gives him further offensive options . Weinmann did not disclose the technical details to avoid threat actors in the wild will abuse his technology . “ I have chosen to only disclose lower-severity findings for now . Higher severity findings are in the pipeline. ” Weinmann said .

Technology companies are starting to respond to a new Wi-Fi exploit affecting Vulnerability-related.DiscoverVulnerability all modern Wi-Fi networks using WPA or WPA2 encryption . The security vulnerabilities allow attackers to read Wi-Fi traffic between devices and wireless access points , and in some cases even modify it to inject malware into websites . Security researchers claim Vulnerability-related.DiscoverVulnerability devices running macOS , Windows , iOS , Android , and Linux will be affected Vulnerability-related.DiscoverVulnerability by the vulnerabilities . Microsoft says it has already fixed Vulnerability-related.PatchVulnerability the problem for customers running supported versions of Windows . “ We have released Vulnerability-related.PatchVulnerability a security update to address Vulnerability-related.PatchVulnerability this issue , ” says a Microsoft spokesperson in a statement to The Verge . “ Customers who apply Vulnerability-related.PatchVulnerability the update , or have automatic updates enabled , will be protected . We continue to encourage customers to turn on automatic updates to help ensure they are protected. ” Microsoft says the Windows updates released Vulnerability-related.PatchVulnerability on October 10th protect customers , and the company “ withheld disclosure Vulnerability-related.DiscoverVulnerability until other vendors could develop and release Vulnerability-related.PatchVulnerability updates. ” While it looks like Android and Linux devices are affected Vulnerability-related.DiscoverVulnerability by the worst part of the vulnerabilities , allowing attackers to manipulate websites , Google has promised Vulnerability-related.PatchVulnerability a fix for affected devices “ in the coming weeks. ” Google ’ s own Pixel devices will be the first to receive Vulnerability-related.PatchVulnerability fixes with security patch level of November 6 , 2017 , but most other handsets are still well behind even the latest updates . Security researchers claim Vulnerability-related.DiscoverVulnerability 41 percent of Android devices are vulnerable Vulnerability-related.DiscoverVulnerability to an “ exceptionally devastating ” variant of the Wi-Fi attack that involves manipulating traffic , and it will take time to patch Vulnerability-related.PatchVulnerability older devices . The Verge has reached out to a variety of Android phone makers to clarify when security patches will reach Vulnerability-related.PatchVulnerability handsets , and we ’ ll update you accordingly . At the time of writing , Apple has not yet clarified Vulnerability-related.DiscoverVulnerability whether the latest versions of macOS and iOS are vulnerable Vulnerability-related.DiscoverVulnerability . The Wi-Fi Alliance , a network of companies responsible for Wi-Fi , has responded to the disclosure Vulnerability-related.DiscoverVulnerability of the vulnerabilities . “ This issue can be resolved Vulnerability-related.PatchVulnerability through straightforward software updates , and the Wi-Fi industry , including major platform providers , has already started deploying Vulnerability-related.PatchVulnerability patches to Wi-Fi users , ” says a Wi-Fi Alliance spokesperson . “ Users can expect all their Wi-Fi devices , whether patched or unpatched Vulnerability-related.PatchVulnerability , to continue working well together. ” Apple also confirmed to both The Verge and AppleInsider that the vulnerability is patched Vulnerability-related.PatchVulnerability in a beta version of the current operating systems . The fix should go public Vulnerability-related.PatchVulnerability in a few weeks , so iOS and macOS devices are n't in the clear just yet . AppleInsider also reports that AirPort hardware , including the Time Machine , AirPort Extreme base station , and AirPort Express do not have a patch . The publication 's source also was n't sure if one was in the works .

Tavis Ormandy , a Google Project Zero security researcher , has revealed Vulnerability-related.DiscoverVulnerability details about a new major vulnerability discovered Vulnerability-related.DiscoverVulnerability in Ghostscript , an interpreter for Adobe 's PostScript and PDF page description languages . Ghostscript is by far the most widely used solution of its kind . The Ghostscript interpreter is embedded in hundreds of software suites and coding libraries that allow desktop software and web servers to handle PostScript and PDF-based documents . Exploiting the bug Ormandy discovered Vulnerability-related.DiscoverVulnerability requires that an attacker sends a malformed PostScript , PDF , EPS , or XPS file to a victim . Once the file reaches the Ghostscript interpreter , the malicious code contained within will execute an attacker 's desired on that machine . The vulnerability , which has not received a CVE Vulnerability-related.DiscoverVulnerability identifier just yet , allows an attacker to take over applications and servers that use vulnerable versions of Ghostscript . At the time of writing , there is no fix available Vulnerability-related.PatchVulnerability . By far , the most affected projects are the ImageMagick image processing library , but also many Linux distros where this library ships by default . RedHat and Ubuntu have already confirmed they are affected , according to a CERT/CC security advisory released today . `` I * strongly * suggest that [ Linux ] distributions start disabling PS , EPS , PDF and XPS coders in [ ImageMagick 's ] policy.xml by default , '' Ormandy said . Because of Ghostscript 's broad adoption in the web dev and software dev communities , Ormandy has had his eyes set on Ghostscript for the past few years . He discovered Vulnerability-related.DiscoverVulnerability similar high severity issues affecting Vulnerability-related.DiscoverVulnerability Ghostscript in 2016 and again in 2017 . The vulnerability he found Vulnerability-related.DiscoverVulnerability in 2017 —CVE-2017-8291— was adopted by North Korean hackers , who used it to break into South Korean cryptocurrency exchanges , steal funds , and later plant false flags in an attempt to pin the hacks on Chinese-speaking threat actors . Because of Ghostscript 's wide adoption , any bugs , and especially those that lead to remote code execution , are highly sought-after by any threat actor .

Microsoft has rolled-out Vulnerability-related.PatchVulnerability security updates to fix Vulnerability-related.PatchVulnerability a critical remote code execution flaw affecting Vulnerability-related.DiscoverVulnerability Windows Defender and other anti-malware products . Ahead of April 's Patch Tuesday , Microsoft has released Vulnerability-related.PatchVulnerability patches for the critical flaw , which affects Vulnerability-related.DiscoverVulnerability Microsoft Malware Protection Engine , or mpengine.dll , the core of Windows Defender in Windows 10 . `` An attacker who successfully exploited Vulnerability-related.DiscoverVulnerability this vulnerability could execute arbitrary code in the security context of the LocalSystem Account and take control of the system , '' warns Microsoft . `` An attacker could then install programs ; view , change , or delete data ; or create new accounts with full user rights . '' Google Project Zero researcher Thomas Dullien , aka Halvar Flake , discovered Vulnerability-related.DiscoverVulnerability that attackers can trigger a memory-corruption issue in the engine if they can get Windows Defender and other affected Vulnerability-related.DiscoverVulnerability security products to scan a specially-crafted file . Microsoft warns there are many ways an attacker could achieve this , including placing the file on a website , in an email or instant message , on any site that hosts files , or in a shared directory . As with similar vulnerabilities reported Vulnerability-related.DiscoverVulnerability last year by the UK 's National Cyber Security Centre ( NCSC ) and Project Zero , an attack would be instant if the affected antivirus has real-time protection enabled . Although the patch is being released Vulnerability-related.PatchVulnerability before Microsoft 's monthly security update , the bug , CVE2018-0986 , is not an out-of-band patch as Microsoft updates Vulnerability-related.PatchVulnerability the engine as needed . Microsoft also notes that the default configuration for Microsoft 's anti-malware products in the enterprise is to automatically receive Vulnerability-related.PatchVulnerability updates .

A design flaw affecting Vulnerability-related.DiscoverVulnerability all in-display fingerprint sensors – that left over a half-dozen cellphone models vulnerable to a trivial lock-screen bypass attack – has been quietly patched Vulnerability-related.PatchVulnerability . The flaw was tied to a bug in the popular in-display fingerprint reader technology used for user authentication . In-display fingerprint reader technology is widely considered an up-and-coming feature to be used in a number of flagship model phones introduced in 2019 by top OEM phone makers , according to Tencent ’ s Xuanwu Lab which is credited for first identifying Vulnerability-related.DiscoverVulnerability the flaw earlier this year . “ During our research on this , we found all the in-display fingerprint sensor module suffer the same problem no matter where it was manufactured by whatever vendors , ” said Yang Yu , a researcher at Xuanwu Lab . “ This vulnerability is a design fault of in-display fingerprint sensors. ” Impacted are all phones tested in the first half of 2018 that had in-display fingerprint sensors , said Yu . That includes current models of Huawei Technologies ’ Porsche Design Mate RS and Mate 20 Pro model phones . Yu said that many more cellphone manufacturers are impacted Vulnerability-related.DiscoverVulnerability by the issue . However , Yu would not specify other impacted vendors or models : “ Vendors differ greatly in the attitude to security issues , someone have open attitudes , like Huawei , and in contrast , some vendors strongly hope us to keep the voice down on this , ” he told Threatpost . He noted Huawei has been forthcoming , issuing Vulnerability-related.PatchVulnerability patches to address Vulnerability-related.PatchVulnerability the issue . Other phones that use the feature include Vivo Communication Technology ’ s V11 Pro , X21 and Nex ; and OnePlus ’ 6T and Xiaomi Mi 8 Explorer Edition phones . Vivo , OnePlus and Xiaomi did not respond to requests for comment from Threatpost . In-display fingerprint readers based on optical fingerprint imaging , experts believe , will soon replace conventional authentication based on capacitance-sensor fingerprint scanners . In-display readers allow for a user to place a finger on the screen of a smartphone where a scanner from behind the display can verify a fingerprint , authenticate the user and unlock the phone . Design-wise the feature allows phones to be sleeker and less cluttered , supporting infinity displays . Usability advantages include the ability to unlock the phone simply by placing your finger on the phone ’ s screen at any angle , whether it ’ s sitting on a table or in a car mount . The vulnerability , which Huawei issued Vulnerability-related.PatchVulnerability a patch ( CVE-2018-7929 ) for in September , can be exploited Vulnerability-related.DiscoverVulnerability in a matter of seconds , researchers said . In an exclusive interview with Threatpost on the flaw Yu said all an attacker needs to carry out the attack is an opaque reflective material such as aluminum foil . By placing the reflective material over a residual fingerprint on the phone ’ s display the capacitance fingerprint imaging mechanism can be tricked into authenticating a fingerprint .

If you ’ re a BMW owner , prepare to patch ! Chinese researchers have found Vulnerability-related.DiscoverVulnerability 14 security vulnerabilities affecting Vulnerability-related.DiscoverVulnerability many models . The ranges affected Vulnerability-related.DiscoverVulnerability ( some as far back as 2012 ) are the BMW i Series , X Series , 3 Series , 5 Series and 7 Series , with a total of seven rated serious enough to be assigned CVE Vulnerability-related.DiscoverVulnerability numbers . The vulnerabilities are in in the Telematics Control Unit ( TCU ) , the Central Gateway Module , and Head Unit , across a range of interfaces including via GSM , BMW Remote Service , BMW ConnectedDrive , Remote Diagnosis , NGTP , Bluetooth , and the USB/OBD-II interfaces . Some require local access ( e.g . via USB ) to exploit but six including the Bluetooth flaw were accessible remotely , making them the most serious . Should owners worry that the flaws could be exploited Vulnerability-related.DiscoverVulnerability , endangering drivers and vehicles ? On the basis of the technical description , that seems unlikely , although Keen Lab won ’ t release the full proof-of-concept code until 2019 . Keen Lab described the effect of its hacking as allowing it to carry out : The execution of arbitrary , unauthorized diagnostic requests of BMW in-car systems remotely . To which BMW responded : BMW Group has already implemented security measures , which are currently being rolled out via over-the-air configuration updates . Additional security enhancements for the affected infotainment systems are being developed Vulnerability-related.PatchVulnerability and will be available Vulnerability-related.PatchVulnerability as software updates for customers . In other words , some fixes have already been made Vulnerability-related.PatchVulnerability , while others will be made Vulnerability-related.PatchVulnerability between now and early 2019 , potentially requiring a trip to a service centre . Full marks to BMW for promptly responding to the research but the press release issued Vulnerability-related.PatchVulnerability in its wake reads like PR spin . To most outsiders , this is a case of Chinese white hats finding Vulnerability-related.DiscoverVulnerability vulnerabilities in BMW ’ s in-car systems . To BMW , judging by the triumphant language of its press release , it ’ s as if this was the plan all along , right down to awarding Keen Lab the “ first-ever BMW Group Digitalization and IT Research Award. ” More likely , car makers are being caught out by the attention their in-car systems are getting from researchers , with Volkswagen Audi Group experiencing some of the same discomfort a couple of weeks ago at the hands of Dutch researchers . BMW has experienced this before too – three years ago it suffered Vulnerability-related.DiscoverVulnerability an embarrassing security flaw in its car ConnectedDrive software door-locking systems . Let ’ s not feel too sorry for the car makers because it ’ s the owners who face the biggest adjustment to their expectations – software flaws and patching Vulnerability-related.PatchVulnerability are no longer just for computers .

This week , Adobe released Vulnerability-related.PatchVulnerability its monthly scheduled update bundle addressing Vulnerability-related.PatchVulnerability vulnerabilities within its different products . The Adobe patch Tuesday November updates allegedly fixed Vulnerability-related.PatchVulnerability numerous vulnerabilities leading to information disclosure . These vulnerabilities existed in Vulnerability-related.DiscoverVulnerability Adobe Acrobat/Reader , Flash Player , and Photoshop CC . The recently released Adobe Patch Tuesday November updates addressed Vulnerability-related.PatchVulnerability three different vulnerabilities – all resulting in information disclosure . The first one existed in Vulnerability-related.DiscoverVulnerability the Adobe Photoshop CC affecting Vulnerability-related.DiscoverVulnerability versions 19.1.6 and prior for both Windows and MacOS . As described in the security advisory , Adobe has fixed Vulnerability-related.PatchVulnerability this important Out-of-bounds read vulnerability ( CVE-2018-15980 ) in the Photoshop CC versions 19.1.7 and 20.0 . The second information disclosure flaw affected Vulnerability-related.DiscoverVulnerability Adobe Reader and Acrobat for Windows . Explaining about the flaw in their advisory , Adobe stated , “ Successful exploitation could lead to an inadvertent leak of the user ’ s hashed NTLM password. ” The vulnerability initially received the CVE Vulnerability-related.DiscoverVulnerability number CVE-2018-4993 , when Check Point Research first reported Vulnerability-related.DiscoverVulnerability the bug . However , as recently disclosed Vulnerability-related.DiscoverVulnerability by the EdgeSpot , Adobe only patched Vulnerability-related.PatchVulnerability a single variant of this bug . Whereas , the EdgeSpot team discovered Vulnerability-related.DiscoverVulnerability other variants that hinted towards a failed patching Vulnerability-related.PatchVulnerability of the bug instead of a new vulnerability . The patched vulnerability has now received CVE Vulnerability-related.DiscoverVulnerability number CVE-2018-15979 “ to reflect that the patch is available Vulnerability-related.PatchVulnerability ” . The third vulnerability addressed Vulnerability-related.PatchVulnerability this month is an out-of-bounds Read vulnerability ( CVE-2018-15978 ) in the Adobe Flash Player . The affected versions include 31.0.0.122 and earlier for Windows , Linux , and MacOS . Unlike previous months , the Adobe Patch Tuesday November update bundle addressed Vulnerability-related.PatchVulnerability fewer bugs . Moreover , none of the patched vulnerabilities had a critical severity impact . In October , Adobe patched Vulnerability-related.PatchVulnerability 86 different vulnerabilities including 47 critical ones . Whereas , in September , they addressed Vulnerability-related.PatchVulnerability 6 critical flaws . Adobe has fixed Vulnerability-related.PatchVulnerability the bugs CVE-2018-15980 and CVE-2018-15978 in Adobe Photoshop CC versions 19.1.7 and 20.0 and Adobe Flash Player version 31.0.0.148 , respectively . Whereas , CVE-2018-15979 has received Vulnerability-related.PatchVulnerability a patch in Adobe Acrobat DC and Reader DC version 2019.008.20081 , Acrobat 2017 and Acrobat Reader DC 2017 version 2017.011.30106 , and Acrobat DC and Acrobat Reader DC ( Classic 2015 ) version 2015.006.30457 . For protection against the three important vulnerabilities addressed Vulnerability-related.PatchVulnerability in November updates , users should make sure to upgrade Vulnerability-related.PatchVulnerability their software to the patched versions at the earliest convenience .

Cisco patches Vulnerability-related.PatchVulnerability a severe flaw in switch deployment software that can be attacked with crafted messages sent to a port that 's open by default . Cisco has released Vulnerability-related.PatchVulnerability patches for 34 vulnerabilities mostly affecting Vulnerability-related.DiscoverVulnerability its IOS and IOS XE networking software , including three critical remote code execution security bugs . Perhaps the most serious issue Cisco has released Vulnerability-related.PatchVulnerability a patch for is critical bug CVE-2018-0171 affecting Vulnerability-related.DiscoverVulnerability Smart Install , a Cisco client for quickly deploying new switches for Cisco IOS Software and Cisco IOS XE Software . A remote unauthenticated attacker can exploit a flaw in the client to reload an affected device and cause a denial of service or execute arbitrary code . Embedi , the security firm that found Vulnerability-related.DiscoverVulnerability the flaw , initially believed it could only be exploited Vulnerability-related.DiscoverVulnerability within an enterprise 's network . However , it found Vulnerability-related.DiscoverVulnerability millions of affected devices exposed on the internet . `` Because in a securely configured network , Smart Install technology participants should not be accessible through the internet . But scanning the internet has shown that this is not true , '' wrote Embedi . `` During a short scan of the internet , we detected 250,000 vulnerable devices and 8.5 million devices that have a vulnerable port open . '' Smart Install is supported by a broad range of Cisco routers and switches . The high number of devices with an open port is probably because the Smart Install client 's port TCP 4786 is open by default . This situation is overlooked by network admins , Embedi said . The company has also published Vulnerability-related.DiscoverVulnerability proof-of-concept exploit code , so it probably will be urgent for admins to patch Vulnerability-related.PatchVulnerability . An attacker can exploit the bug by sending Attack.Phishing a crafted Smart Install message to these devices on TCP port 4786 , according to Cisco . Embedi discovered Vulnerability-related.DiscoverVulnerability the flaw last year , landing it an award at the GeekPwn conference in Hong Kong last May , and reported Vulnerability-related.DiscoverVulnerability it to Cisco in September . Cisco 's internal testing also turned up Vulnerability-related.DiscoverVulnerability a critical issue in its IOS XE software , CVE-2018-0150 , due to an undocumented user account that has a default username and password . Cisco warns Vulnerability-related.DiscoverVulnerability that an attacker could use this account to remotely connect to a device running the software . Cisco engineers also found Vulnerability-related.DiscoverVulnerability CVE-2018-0151 , a remote code execution bug in the QoS subsystem of IOS and IOS XE . `` The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device . An attacker could exploit this vulnerability by sending malicious packets to an affected device , '' writes Cisco . All three bugs were given a CVSS score of 9.8 out of 10 .

Cisco patches Vulnerability-related.PatchVulnerability a severe flaw in switch deployment software that can be attacked with crafted messages sent to a port that 's open by default . Cisco has released Vulnerability-related.PatchVulnerability patches for 34 vulnerabilities mostly affecting Vulnerability-related.DiscoverVulnerability its IOS and IOS XE networking software , including three critical remote code execution security bugs . Perhaps the most serious issue Cisco has released Vulnerability-related.PatchVulnerability a patch for is critical bug CVE-2018-0171 affecting Vulnerability-related.DiscoverVulnerability Smart Install , a Cisco client for quickly deploying new switches for Cisco IOS Software and Cisco IOS XE Software . A remote unauthenticated attacker can exploit a flaw in the client to reload an affected device and cause a denial of service or execute arbitrary code . Embedi , the security firm that found Vulnerability-related.DiscoverVulnerability the flaw , initially believed it could only be exploited Vulnerability-related.DiscoverVulnerability within an enterprise 's network . However , it found Vulnerability-related.DiscoverVulnerability millions of affected devices exposed on the internet . `` Because in a securely configured network , Smart Install technology participants should not be accessible through the internet . But scanning the internet has shown that this is not true , '' wrote Embedi . `` During a short scan of the internet , we detected 250,000 vulnerable devices and 8.5 million devices that have a vulnerable port open . '' Smart Install is supported by a broad range of Cisco routers and switches . The high number of devices with an open port is probably because the Smart Install client 's port TCP 4786 is open by default . This situation is overlooked by network admins , Embedi said . The company has also published Vulnerability-related.DiscoverVulnerability proof-of-concept exploit code , so it probably will be urgent for admins to patch Vulnerability-related.PatchVulnerability . An attacker can exploit the bug by sending Attack.Phishing a crafted Smart Install message to these devices on TCP port 4786 , according to Cisco . Embedi discovered Vulnerability-related.DiscoverVulnerability the flaw last year , landing it an award at the GeekPwn conference in Hong Kong last May , and reported Vulnerability-related.DiscoverVulnerability it to Cisco in September . Cisco 's internal testing also turned up Vulnerability-related.DiscoverVulnerability a critical issue in its IOS XE software , CVE-2018-0150 , due to an undocumented user account that has a default username and password . Cisco warns Vulnerability-related.DiscoverVulnerability that an attacker could use this account to remotely connect to a device running the software . Cisco engineers also found Vulnerability-related.DiscoverVulnerability CVE-2018-0151 , a remote code execution bug in the QoS subsystem of IOS and IOS XE . `` The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device . An attacker could exploit this vulnerability by sending malicious packets to an affected device , '' writes Cisco . All three bugs were given a CVSS score of 9.8 out of 10 .

Apache Software Foundation has patched Vulnerability-related.PatchVulnerability a remote code execution vulnerability affecting Vulnerability-related.DiscoverVulnerability the Jakarta Multipart parser in Apache Struts . Administrators need to update Vulnerability-related.PatchVulnerability the popular Java application framework or put workarounds in place because the vulnerability is actively being targeted in attacks . The issue affects Vulnerability-related.DiscoverVulnerability Apache Struts versions 2.3.5 through 2.3.31 and versions 2.5 through 2.5.10 . The presence of vulnerable code is enough to expose the system to attack—the web application doesn ’ t need to implement file upload for attackers to exploit Vulnerability-related.DiscoverVulnerability the flaw , said Vulnerability-related.DiscoverVulnerability researchers from Cisco Talos . Talos “ found a high number of exploitation events , ” said Cisco threat researcher Nick Biasini . “ With exploitation actively underway , Talos recommends immediate upgrading if possible or following the workaround referenced in the above security advisory ” . The remote code execution vulnerability ( CVE-2017-5638 ) in the Jakarta Multipart parser is the result of improper handling of the Content-Type header , Apache said Vulnerability-related.DiscoverVulnerability in its emergency security advisory . The header indicates the media type of the resource , such as when the client tells the server what type of data was sent as part of a POST or PUT request , or the server telling the client what type of content is being returned as part of the response . The flaw is triggered when Struts parses a malformed Content-Type HTTP header and lets attackers remotely take complete control of the system without needing any kind of authentication .

The Git community has disclosed Vulnerability-related.DiscoverVulnerability a security vulnerability affecting Vulnerability-related.DiscoverVulnerability the clone and submodule commands that could enable remote code execution when vulnerable machines access malicious repositories . The vulnerability , which has been assigned Vulnerability-related.DiscoverVulnerability CVE–2018–17456 by Mitre , has been fixed Vulnerability-related.PatchVulnerability in Git 2.19.1 . To trigger the vulnerability , a malicious repository could forge a .gitmodules containing an URL starting with a dash . This would affect Vulnerability-related.DiscoverVulnerability both git clone -- recurse-submodules and git submodule update -- recursive in that they would recursively pass the URL starting with a dash to a git clone or git submodule subprocess that would interpret the URL as a command option . This could lead to executing an arbitrary command on the local machine . This vulnerability is similar to CVE–2017–1000117 , which also enabled an option-injection attack by forging ssh URLs starting with a dash that would be interpreted as an option by the ssh subprocess executed by git . No exploits are known at the moment . We were also able to use the time to scan all repositories on GitHub for evidence of the attack being used in the wild . As shown in the PR fixing Vulnerability-related.PatchVulnerability the vulnerability , submitted by @ joernchen , the fix is quite trivial in itself . Yet , this discovery provided the opportunity for an overall audit of .gitmodules , which led to implementing stricter checks on both paths and URLs found inside of it . As mentioned , the fix for this vulnerability is included in Git 2.19.1 . Additionally , it has been backported Vulnerability-related.PatchVulnerability to versions 2.14.5 , 2.15.3 , 2.16.5 , 2.17.2 , and 2.18.1 . Since git is integrated in GitHub projects such as GitHub Desktop and Atom , those have been patched Vulnerability-related.PatchVulnerability as well , so you will be better off upgrading Vulnerability-related.PatchVulnerability them as soon as possible .

Adobe has resolved Vulnerability-related.PatchVulnerability 11 security flaws in this month 's patch update on the heels of a far larger security round last month in which over a hundred bugs were squashed Vulnerability-related.PatchVulnerability . The patch release impacts Vulnerability-related.PatchVulnerability Adobe Flash , Acrobat and Reader , Experience Manager , and Creative Cloud . Two of the vulnerabilities disclosed Vulnerability-related.DiscoverVulnerability in the release are described Vulnerability-related.DiscoverVulnerability as critical and affect Vulnerability-related.DiscoverVulnerability Acrobat and Reader . In July , Adobe issued Vulnerability-related.PatchVulnerability a security update which patched Vulnerability-related.PatchVulnerability a total of 112 vulnerabilities . The majority of bugs were uncovered Vulnerability-related.DiscoverVulnerability in Adobe Acrobat , but a critical code execution flaw was also resolved Vulnerability-related.PatchVulnerability in Adobe Flash . The critical bugs in this release impact Vulnerability-related.DiscoverVulnerability Adobe Acrobat 2017 , Acrobat DC , and Acrobat Reader DC on Windows and macOS machines . The tech giant says Vulnerability-related.DiscoverVulnerability that exploitation of the security flaws , an out of bounds write issue ( CVE-2018-12808 ) and an untrusted pointer dereference problem ( CVE-2018-12799 ) can lead to arbitrary code execution . The vulnerabilities resolved Vulnerability-related.PatchVulnerability include five bugs in Adobe Flash . An out of bounds read flaw ( CVE-2018-12824 ) , a security bypass error ( CVE-2018-12825 ) , two information disclosure vulnerabilities ( CVE-2018-12826 , CVE-2018-12827 ) , and a privilege escalation flaw ( CVE-2018-12828 ) have all been patched Vulnerability-related.PatchVulnerability . A reflected cross-site scripting flaw ( CVE-2018-12806 ) , input validation bypass ( CVE-2018-12807 ) , and cross-site scripting ( XSS ) bug ( CVE-2018-5005 ) have been patched Vulnerability-related.PatchVulnerability in Adobe Experience Manager versions 6.0 -- 6.4 on all platforms . If exploited Vulnerability-related.DiscoverVulnerability , the security flaws can facilitate sensitive information disclosure and data modification . In addition , a single bug in Adobe Creative Cloud Desktop affecting Vulnerability-related.DiscoverVulnerability versions 4.5.0.324 and earlier versions on Windows systems has been resolved Vulnerability-related.PatchVulnerability . The DLL hijacking vulnerability ( CVE-2018-5003 ) can be exploited Vulnerability-related.DiscoverVulnerability in order for an attacker to escalate privileges on an account . Adobe recommends that users update their software as quickly as possible . Researchers from Trend Micro 's Zero Day Initiative , Palo Alto Networks , Google Project Zero , TenCent , and Cognizant Technology Solutions , among others , were thanked for reporting Vulnerability-related.DiscoverVulnerability the bugs . On Tuesday , Microsoft 's latest round of patches tackled Vulnerability-related.PatchVulnerability a total of 60 vulnerabilities , 19 of which were deemed critical . Two severe security flaws resolved Vulnerability-related.PatchVulnerability in the update are zero-day vulnerabilities which are being actively exploited Vulnerability-related.DiscoverVulnerability in the wild .

Cisco has plugged Vulnerability-related.PatchVulnerability two severe vulnerabilities affecting Vulnerability-related.DiscoverVulnerability its Digital Network Architecture ( DNA ) Center software . Appliances running Cisco 's DNA Center software before Release 1.1.4 are vulnerable Vulnerability-related.DiscoverVulnerability to an authentication bypass that could allow a remote attacker to `` take complete control '' of its identity management functions . Network admins can use the DNA Center interface to add new devices to the network and manage them based on enterprise policies . DNA Center is part of Cisco 's toolkit for internet-based networking . Lax security restrictions on key DNA management functions mean an attacker could send a valid identity management request to an affected system and then change existing system users or create new users , according to Cisco . The flaw , which is tracked as Vulnerability-related.DiscoverVulnerability CVE-2018-0448 , is rated critical and has a Common Vulnerability Scoring System ( CVSS ) v 3.0 rating of 9.8 out of 10 . It 's fixed Vulnerability-related.PatchVulnerability in release 1.1.4 and later and since there are no workarounds , admins will need to update Vulnerability-related.PatchVulnerability to these releases to fix Vulnerability-related.PatchVulnerability the bug . Cisco also fixed Vulnerability-related.PatchVulnerability another critical DNA Center flaw , CVE-2018-15386 , which could give a remote attacker direct access to core management functions . An attacker could exploit the bug by directly connecting to exposed Attack.Databreach DNA Center services and from there obtain Attack.Databreach or change critical system files . This bug is due to insecure default configurations affecting Vulnerability-related.DiscoverVulnerability DNA Center release 1.1 Again , there are no workarounds for the bug , so admins will need to update Vulnerability-related.PatchVulnerability to release 1.2 and later . Both flaws were found Vulnerability-related.DiscoverVulnerability during internal testing . Cisco is not aware of any exploits in the wild for the flaws . Cisco has also fixed Vulnerability-related.PatchVulnerability a critical flaw affecting Vulnerability-related.DiscoverVulnerability Cisco Prime Infrastructure ( PI ) that could let a remote attacker upload any file they wishwithout requiring authentication . The file could be used to execute commands . On PI , Trivial File Transfer Protocol ( TFTP ) is enabled by default and accessible from the web interface , which an attacker could use toupload a malicious file . Customers should check Cisco 's advisory to determine whether they 're running a fixed release . It also has workarounds for some releases . The flaw was reported Vulnerability-related.DiscoverVulnerability by independent security researcher Pedro Ribeiro through Beyond Security 's SecuriTeam Secure Disclosure program . Beyond Security notes in its detailed report about the PI issue that Ribeiro identified Vulnerability-related.DiscoverVulnerability two flaws but only one was fixed Vulnerability-related.PatchVulnerability in Cisco 's patch . `` The first vulnerability is a file-upload vulnerability that allows the attacker to upload and execute JSP files as the Apache Tomcat user . '' `` The second vulnerability is a privilege escalation to root by bypassing execution restrictions in a SUID binary . `` From our assessment the provided fix only addresses Vulnerability-related.PatchVulnerability the file uploading part of the exploit , not the file inclusion , the ability to execute arbitrary code through it or the privileges escalation issue that the product has . '' Cisco also released Vulnerability-related.PatchVulnerability patches for 33 more high- and medium-severity flaws affecting Vulnerability-related.DiscoverVulnerability WebEx , SD-WAN products , and its ASA security appliances .

Cisco has plugged Vulnerability-related.PatchVulnerability two severe vulnerabilities affecting Vulnerability-related.DiscoverVulnerability its Digital Network Architecture ( DNA ) Center software . Appliances running Cisco 's DNA Center software before Release 1.1.4 are vulnerable Vulnerability-related.DiscoverVulnerability to an authentication bypass that could allow a remote attacker to `` take complete control '' of its identity management functions . Network admins can use the DNA Center interface to add new devices to the network and manage them based on enterprise policies . DNA Center is part of Cisco 's toolkit for internet-based networking . Lax security restrictions on key DNA management functions mean an attacker could send a valid identity management request to an affected system and then change existing system users or create new users , according to Cisco . The flaw , which is tracked as Vulnerability-related.DiscoverVulnerability CVE-2018-0448 , is rated critical and has a Common Vulnerability Scoring System ( CVSS ) v 3.0 rating of 9.8 out of 10 . It 's fixed Vulnerability-related.PatchVulnerability in release 1.1.4 and later and since there are no workarounds , admins will need to update Vulnerability-related.PatchVulnerability to these releases to fix Vulnerability-related.PatchVulnerability the bug . Cisco also fixed Vulnerability-related.PatchVulnerability another critical DNA Center flaw , CVE-2018-15386 , which could give a remote attacker direct access to core management functions . An attacker could exploit the bug by directly connecting to exposed Attack.Databreach DNA Center services and from there obtain Attack.Databreach or change critical system files . This bug is due to insecure default configurations affecting Vulnerability-related.DiscoverVulnerability DNA Center release 1.1 Again , there are no workarounds for the bug , so admins will need to update Vulnerability-related.PatchVulnerability to release 1.2 and later . Both flaws were found Vulnerability-related.DiscoverVulnerability during internal testing . Cisco is not aware of any exploits in the wild for the flaws . Cisco has also fixed Vulnerability-related.PatchVulnerability a critical flaw affecting Vulnerability-related.DiscoverVulnerability Cisco Prime Infrastructure ( PI ) that could let a remote attacker upload any file they wishwithout requiring authentication . The file could be used to execute commands . On PI , Trivial File Transfer Protocol ( TFTP ) is enabled by default and accessible from the web interface , which an attacker could use toupload a malicious file . Customers should check Cisco 's advisory to determine whether they 're running a fixed release . It also has workarounds for some releases . The flaw was reported Vulnerability-related.DiscoverVulnerability by independent security researcher Pedro Ribeiro through Beyond Security 's SecuriTeam Secure Disclosure program . Beyond Security notes in its detailed report about the PI issue that Ribeiro identified Vulnerability-related.DiscoverVulnerability two flaws but only one was fixed Vulnerability-related.PatchVulnerability in Cisco 's patch . `` The first vulnerability is a file-upload vulnerability that allows the attacker to upload and execute JSP files as the Apache Tomcat user . '' `` The second vulnerability is a privilege escalation to root by bypassing execution restrictions in a SUID binary . `` From our assessment the provided fix only addresses Vulnerability-related.PatchVulnerability the file uploading part of the exploit , not the file inclusion , the ability to execute arbitrary code through it or the privileges escalation issue that the product has . '' Cisco also released Vulnerability-related.PatchVulnerability patches for 33 more high- and medium-severity flaws affecting Vulnerability-related.DiscoverVulnerability WebEx , SD-WAN products , and its ASA security appliances .

Cisco has plugged Vulnerability-related.PatchVulnerability two severe vulnerabilities affecting Vulnerability-related.DiscoverVulnerability its Digital Network Architecture ( DNA ) Center software . Appliances running Cisco 's DNA Center software before Release 1.1.4 are vulnerable Vulnerability-related.DiscoverVulnerability to an authentication bypass that could allow a remote attacker to `` take complete control '' of its identity management functions . Network admins can use the DNA Center interface to add new devices to the network and manage them based on enterprise policies . DNA Center is part of Cisco 's toolkit for internet-based networking . Lax security restrictions on key DNA management functions mean an attacker could send a valid identity management request to an affected system and then change existing system users or create new users , according to Cisco . The flaw , which is tracked as Vulnerability-related.DiscoverVulnerability CVE-2018-0448 , is rated critical and has a Common Vulnerability Scoring System ( CVSS ) v 3.0 rating of 9.8 out of 10 . It 's fixed Vulnerability-related.PatchVulnerability in release 1.1.4 and later and since there are no workarounds , admins will need to update Vulnerability-related.PatchVulnerability to these releases to fix Vulnerability-related.PatchVulnerability the bug . Cisco also fixed Vulnerability-related.PatchVulnerability another critical DNA Center flaw , CVE-2018-15386 , which could give a remote attacker direct access to core management functions . An attacker could exploit the bug by directly connecting to exposed Attack.Databreach DNA Center services and from there obtain Attack.Databreach or change critical system files . This bug is due to insecure default configurations affecting Vulnerability-related.DiscoverVulnerability DNA Center release 1.1 Again , there are no workarounds for the bug , so admins will need to update Vulnerability-related.PatchVulnerability to release 1.2 and later . Both flaws were found Vulnerability-related.DiscoverVulnerability during internal testing . Cisco is not aware of any exploits in the wild for the flaws . Cisco has also fixed Vulnerability-related.PatchVulnerability a critical flaw affecting Vulnerability-related.DiscoverVulnerability Cisco Prime Infrastructure ( PI ) that could let a remote attacker upload any file they wishwithout requiring authentication . The file could be used to execute commands . On PI , Trivial File Transfer Protocol ( TFTP ) is enabled by default and accessible from the web interface , which an attacker could use toupload a malicious file . Customers should check Cisco 's advisory to determine whether they 're running a fixed release . It also has workarounds for some releases . The flaw was reported Vulnerability-related.DiscoverVulnerability by independent security researcher Pedro Ribeiro through Beyond Security 's SecuriTeam Secure Disclosure program . Beyond Security notes in its detailed report about the PI issue that Ribeiro identified Vulnerability-related.DiscoverVulnerability two flaws but only one was fixed Vulnerability-related.PatchVulnerability in Cisco 's patch . `` The first vulnerability is a file-upload vulnerability that allows the attacker to upload and execute JSP files as the Apache Tomcat user . '' `` The second vulnerability is a privilege escalation to root by bypassing execution restrictions in a SUID binary . `` From our assessment the provided fix only addresses Vulnerability-related.PatchVulnerability the file uploading part of the exploit , not the file inclusion , the ability to execute arbitrary code through it or the privileges escalation issue that the product has . '' Cisco also released Vulnerability-related.PatchVulnerability patches for 33 more high- and medium-severity flaws affecting Vulnerability-related.DiscoverVulnerability WebEx , SD-WAN products , and its ASA security appliances .

Cisco has plugged Vulnerability-related.PatchVulnerability two severe vulnerabilities affecting Vulnerability-related.DiscoverVulnerability its Digital Network Architecture ( DNA ) Center software . Appliances running Cisco 's DNA Center software before Release 1.1.4 are vulnerable Vulnerability-related.DiscoverVulnerability to an authentication bypass that could allow a remote attacker to `` take complete control '' of its identity management functions . Network admins can use the DNA Center interface to add new devices to the network and manage them based on enterprise policies . DNA Center is part of Cisco 's toolkit for internet-based networking . Lax security restrictions on key DNA management functions mean an attacker could send a valid identity management request to an affected system and then change existing system users or create new users , according to Cisco . The flaw , which is tracked as Vulnerability-related.DiscoverVulnerability CVE-2018-0448 , is rated critical and has a Common Vulnerability Scoring System ( CVSS ) v 3.0 rating of 9.8 out of 10 . It 's fixed Vulnerability-related.PatchVulnerability in release 1.1.4 and later and since there are no workarounds , admins will need to update Vulnerability-related.PatchVulnerability to these releases to fix Vulnerability-related.PatchVulnerability the bug . Cisco also fixed Vulnerability-related.PatchVulnerability another critical DNA Center flaw , CVE-2018-15386 , which could give a remote attacker direct access to core management functions . An attacker could exploit the bug by directly connecting to exposed Attack.Databreach DNA Center services and from there obtain Attack.Databreach or change critical system files . This bug is due to insecure default configurations affecting Vulnerability-related.DiscoverVulnerability DNA Center release 1.1 Again , there are no workarounds for the bug , so admins will need to update Vulnerability-related.PatchVulnerability to release 1.2 and later . Both flaws were found Vulnerability-related.DiscoverVulnerability during internal testing . Cisco is not aware of any exploits in the wild for the flaws . Cisco has also fixed Vulnerability-related.PatchVulnerability a critical flaw affecting Vulnerability-related.DiscoverVulnerability Cisco Prime Infrastructure ( PI ) that could let a remote attacker upload any file they wishwithout requiring authentication . The file could be used to execute commands . On PI , Trivial File Transfer Protocol ( TFTP ) is enabled by default and accessible from the web interface , which an attacker could use toupload a malicious file . Customers should check Cisco 's advisory to determine whether they 're running a fixed release . It also has workarounds for some releases . The flaw was reported Vulnerability-related.DiscoverVulnerability by independent security researcher Pedro Ribeiro through Beyond Security 's SecuriTeam Secure Disclosure program . Beyond Security notes in its detailed report about the PI issue that Ribeiro identified Vulnerability-related.DiscoverVulnerability two flaws but only one was fixed Vulnerability-related.PatchVulnerability in Cisco 's patch . `` The first vulnerability is a file-upload vulnerability that allows the attacker to upload and execute JSP files as the Apache Tomcat user . '' `` The second vulnerability is a privilege escalation to root by bypassing execution restrictions in a SUID binary . `` From our assessment the provided fix only addresses Vulnerability-related.PatchVulnerability the file uploading part of the exploit , not the file inclusion , the ability to execute arbitrary code through it or the privileges escalation issue that the product has . '' Cisco also released Vulnerability-related.PatchVulnerability patches for 33 more high- and medium-severity flaws affecting Vulnerability-related.DiscoverVulnerability WebEx , SD-WAN products , and its ASA security appliances .