Apple has issued Vulnerability-related.PatchVulnerability an update to fix Vulnerability-related.PatchVulnerability a number of issues in macOS Mojave leading to arbitrary code execution , the ability to read restricted memory and access local users Apple IDs among others . All were patched Vulnerability-related.PatchVulnerability with the release of macOS Mojave 10.14 on Sept 24. applePatchapplePatch The first issue , CVE-2018-5383 , impacted Vulnerability-related.DiscoverVulnerability a number of iMac , MacBook Air , Mac Pro and Mac mini server products . An input validation issue existed in Vulnerability-related.DiscoverVulnerability Bluetooth was fixed Vulnerability-related.PatchVulnerability that could have allowed an attacker in a privileged network position to intercept Bluetooth traffic . The App Store also patched Vulnerability-related.PatchVulnerability CVE-2018-4324 , an issue in the handling of Apple ID that could have been exploited Vulnerability-related.DiscoverVulnerability by a malicious application that would expose the Apple ID of the computer ’ s owner . Also , a validation issue that could expose Apple IDs was in Auto Unlock that was patched Vulnerability-related.PatchVulnerability with improved validation of the process entitlement . CVE-2018-4353 impacted Vulnerability-related.DiscoverVulnerability the application firewall where a sandboxed process may be able to circumvent sandbox restrictions , but this was addressed Vulnerability-related.PatchVulnerability by adding additional restrictions . In Crash Reporter a validation issue , CVE-2018-4333 , was addressed Vulnerability-related.PatchVulnerability that if exploited Vulnerability-related.DiscoverVulnerability would allow a malicious application to read restricted memory . Two Kernel problems were fixed Vulnerability-related.PatchVulnerability , CVE-2018-4336 and CVE-2018-4344 , that could let an application may be able to execute arbitrary code with kernel privileges . The final problem , CVE-2016-1777 , effected Security where an attacker could exploit a weaknesses in the RC4 cryptographic algorithm and was fixed Vulnerability-related.PatchVulnerability by removing RC4 .

This week , Adobe released Vulnerability-related.PatchVulnerability its monthly scheduled update bundle addressing Vulnerability-related.PatchVulnerability vulnerabilities within its different products . The Adobe patch Tuesday November updates allegedly fixed Vulnerability-related.PatchVulnerability numerous vulnerabilities leading to information disclosure . These vulnerabilities existed in Vulnerability-related.DiscoverVulnerability Adobe Acrobat/Reader , Flash Player , and Photoshop CC . The recently released Adobe Patch Tuesday November updates addressed Vulnerability-related.PatchVulnerability three different vulnerabilities – all resulting in information disclosure . The first one existed in Vulnerability-related.DiscoverVulnerability the Adobe Photoshop CC affecting Vulnerability-related.DiscoverVulnerability versions 19.1.6 and prior for both Windows and MacOS . As described in the security advisory , Adobe has fixed Vulnerability-related.PatchVulnerability this important Out-of-bounds read vulnerability ( CVE-2018-15980 ) in the Photoshop CC versions 19.1.7 and 20.0 . The second information disclosure flaw affected Vulnerability-related.DiscoverVulnerability Adobe Reader and Acrobat for Windows . Explaining about the flaw in their advisory , Adobe stated , “ Successful exploitation could lead to an inadvertent leak of the user ’ s hashed NTLM password. ” The vulnerability initially received the CVE Vulnerability-related.DiscoverVulnerability number CVE-2018-4993 , when Check Point Research first reported Vulnerability-related.DiscoverVulnerability the bug . However , as recently disclosed Vulnerability-related.DiscoverVulnerability by the EdgeSpot , Adobe only patched Vulnerability-related.PatchVulnerability a single variant of this bug . Whereas , the EdgeSpot team discovered Vulnerability-related.DiscoverVulnerability other variants that hinted towards a failed patching Vulnerability-related.PatchVulnerability of the bug instead of a new vulnerability . The patched vulnerability has now received CVE Vulnerability-related.DiscoverVulnerability number CVE-2018-15979 “ to reflect that the patch is available Vulnerability-related.PatchVulnerability ” . The third vulnerability addressed Vulnerability-related.PatchVulnerability this month is an out-of-bounds Read vulnerability ( CVE-2018-15978 ) in the Adobe Flash Player . The affected versions include 31.0.0.122 and earlier for Windows , Linux , and MacOS . Unlike previous months , the Adobe Patch Tuesday November update bundle addressed Vulnerability-related.PatchVulnerability fewer bugs . Moreover , none of the patched vulnerabilities had a critical severity impact . In October , Adobe patched Vulnerability-related.PatchVulnerability 86 different vulnerabilities including 47 critical ones . Whereas , in September , they addressed Vulnerability-related.PatchVulnerability 6 critical flaws . Adobe has fixed Vulnerability-related.PatchVulnerability the bugs CVE-2018-15980 and CVE-2018-15978 in Adobe Photoshop CC versions 19.1.7 and 20.0 and Adobe Flash Player version 31.0.0.148 , respectively . Whereas , CVE-2018-15979 has received Vulnerability-related.PatchVulnerability a patch in Adobe Acrobat DC and Reader DC version 2019.008.20081 , Acrobat 2017 and Acrobat Reader DC 2017 version 2017.011.30106 , and Acrobat DC and Acrobat Reader DC ( Classic 2015 ) version 2015.006.30457 . For protection against the three important vulnerabilities addressed Vulnerability-related.PatchVulnerability in November updates , users should make sure to upgrade Vulnerability-related.PatchVulnerability their software to the patched versions at the earliest convenience .

This week , Adobe released Vulnerability-related.PatchVulnerability its monthly scheduled update bundle addressing Vulnerability-related.PatchVulnerability vulnerabilities within its different products . The Adobe patch Tuesday November updates allegedly fixed Vulnerability-related.PatchVulnerability numerous vulnerabilities leading to information disclosure . These vulnerabilities existed in Vulnerability-related.DiscoverVulnerability Adobe Acrobat/Reader , Flash Player , and Photoshop CC . The recently released Adobe Patch Tuesday November updates addressed Vulnerability-related.PatchVulnerability three different vulnerabilities – all resulting in information disclosure . The first one existed in Vulnerability-related.DiscoverVulnerability the Adobe Photoshop CC affecting Vulnerability-related.DiscoverVulnerability versions 19.1.6 and prior for both Windows and MacOS . As described in the security advisory , Adobe has fixed Vulnerability-related.PatchVulnerability this important Out-of-bounds read vulnerability ( CVE-2018-15980 ) in the Photoshop CC versions 19.1.7 and 20.0 . The second information disclosure flaw affected Vulnerability-related.DiscoverVulnerability Adobe Reader and Acrobat for Windows . Explaining about the flaw in their advisory , Adobe stated , “ Successful exploitation could lead to an inadvertent leak of the user ’ s hashed NTLM password. ” The vulnerability initially received the CVE Vulnerability-related.DiscoverVulnerability number CVE-2018-4993 , when Check Point Research first reported Vulnerability-related.DiscoverVulnerability the bug . However , as recently disclosed Vulnerability-related.DiscoverVulnerability by the EdgeSpot , Adobe only patched Vulnerability-related.PatchVulnerability a single variant of this bug . Whereas , the EdgeSpot team discovered Vulnerability-related.DiscoverVulnerability other variants that hinted towards a failed patching Vulnerability-related.PatchVulnerability of the bug instead of a new vulnerability . The patched vulnerability has now received CVE Vulnerability-related.DiscoverVulnerability number CVE-2018-15979 “ to reflect that the patch is available Vulnerability-related.PatchVulnerability ” . The third vulnerability addressed Vulnerability-related.PatchVulnerability this month is an out-of-bounds Read vulnerability ( CVE-2018-15978 ) in the Adobe Flash Player . The affected versions include 31.0.0.122 and earlier for Windows , Linux , and MacOS . Unlike previous months , the Adobe Patch Tuesday November update bundle addressed Vulnerability-related.PatchVulnerability fewer bugs . Moreover , none of the patched vulnerabilities had a critical severity impact . In October , Adobe patched Vulnerability-related.PatchVulnerability 86 different vulnerabilities including 47 critical ones . Whereas , in September , they addressed Vulnerability-related.PatchVulnerability 6 critical flaws . Adobe has fixed Vulnerability-related.PatchVulnerability the bugs CVE-2018-15980 and CVE-2018-15978 in Adobe Photoshop CC versions 19.1.7 and 20.0 and Adobe Flash Player version 31.0.0.148 , respectively . Whereas , CVE-2018-15979 has received Vulnerability-related.PatchVulnerability a patch in Adobe Acrobat DC and Reader DC version 2019.008.20081 , Acrobat 2017 and Acrobat Reader DC 2017 version 2017.011.30106 , and Acrobat DC and Acrobat Reader DC ( Classic 2015 ) version 2015.006.30457 . For protection against the three important vulnerabilities addressed Vulnerability-related.PatchVulnerability in November updates , users should make sure to upgrade Vulnerability-related.PatchVulnerability their software to the patched versions at the earliest convenience .

This week , Adobe has released Vulnerability-related.PatchVulnerability its very first Patch Tuesday update bundle for the year 2019 . The Adobe January Patch Tuesday updates brought fixes for security vulnerabilities in Adobe Digital Editions and Adobe Connect . It has also released Vulnerability-related.PatchVulnerability patches for Flash Player , but they are not security fixes . This Tuesday , Adobe has rolled-out Vulnerability-related.PatchVulnerability scheduled monthly updates for its products . However , this time , it has particularly focused on Adobe Digital Editions and Adobe Connect for security fixes . Besides , the update bundle is relatively smaller , unlike the previous updates that addressed Vulnerability-related.PatchVulnerability tens of vulnerabilities . According to the security advisory , Adobe has fixed Vulnerability-related.PatchVulnerability an important security vulnerability in Adobe Digital Editions . Describing the problem , they stated , “ Successful exploitation could lead to information disclosure in the context of the current user. ” Reportedly , it ’ s an out of bounds read flaw ( CVE-2018-12817 ) that affected Vulnerability-related.DiscoverVulnerability the software version 4.5.9 and earlier for all platforms , i.e. , Windows , MacOS , Android and iOS . Users should ensure updating Vulnerability-related.PatchVulnerability their devices with the patched Adobe Digital Editions version 4.5.10 . In addition to the above , another important vulnerability existed in Vulnerability-related.DiscoverVulnerability Adobe Connect that could result in session token exposure . As stated in the advisory , the vulnerability ( CVE-2018-19718 ) could “ lead to exposure of privileges granted to a session. ” The vulnerability affected Vulnerability-related.DiscoverVulnerability the Adobe Connect versions 9.8.1 and earlier for all platforms . Users should , hence , ensure updating Vulnerability-related.PatchVulnerability their systems with the patched version 10.1 . Besides the two security fixes , Adobe have released Vulnerability-related.PatchVulnerability patches for Flash Player as well addressing Vulnerability-related.PatchVulnerability performance issues . As described in the Adobe advisory , “ Adobe has released Vulnerability-related.PatchVulnerability updates for Adobe Flash Player for Windows , macOS , Linux and Chrome OS . These updates address Vulnerability-related.PatchVulnerability feature and performance bugs , and do not include security fixes. ” The patched Flash Player version 32.0.0.114 has been rolled-out to be downloaded Vulnerability-related.PatchVulnerability across all platforms . This time , the update bundle did not address Vulnerability-related.PatchVulnerability security problems in Adobe Reader or Acrobat . However , the vendors already released Vulnerability-related.PatchVulnerability security fixes for them in the previous week . The patch addressed Vulnerability-related.PatchVulnerability two critical vulnerabilities ( CVE-2018-16011 and CVE-2018-16018 ) that could result in arbitrary code execution and privilege escalation respectively .

Apache Struts is an open-source web development framework for Java web applications . On Monday , the Apache Struts developers fixed Vulnerability-related.PatchVulnerability a high-impact vulnerability in the framework 's Jakarta Multipart parser . The vulnerability is very easy to exploit and allows attackers to execute system commands with the privileges of the user running the web server process . What 's even worse is that the Java web application does n't even need to implement file upload functionality via the Jakarta Multipart parser in order to be vulnerable . According to researchers from Qualys , the simple presence on the web server of this component , which is part of the Apache Struts framework by default , is enough to allow exploitation . `` Needless to say we think this is a high priority issue and the consequence of a successful attack is dire , '' said Amol Sarwate , director of Vulnerability Labs at Qualys , in a blog post . Companies who use Apache Struts on their servers should upgrade Vulnerability-related.PatchVulnerability the framework to versions 2.3.32 or 2.5.10.1 as soon as possible . Researchers from Cisco Talos have observed `` a high number of exploitation events . '' Some of them only execute the Linux command whoami to determine the privileges of the web server user and are probably used for initial probing . Others go further and stop the Linux firewall and then download an ELF executable that 's executed on the server . `` The payloads have varied but include an IRC bouncer , a DoS bot , and a sample related to the bill gates botnet , '' the Talos researchers said in a blog post . According to researchers from Spanish outfit Hack Players , Google searches indicate Vulnerability-related.DiscoverVulnerability 35 million web applications that accept `` filetype : action '' uploads and a high percentage of them are likely vulnerable Vulnerability-related.DiscoverVulnerability . It 's somewhat unusual that attacks have started so quickly after the flaw was announced Vulnerability-related.DiscoverVulnerability and it 's not yet clear whether an exploit for the vulnerability already existed in Vulnerability-related.DiscoverVulnerability closed circles before Monday . Users who ca n't immediately upgrade Vulnerability-related.PatchVulnerability to the patched Struts versions can apply a workaround that consists of creating a Servlet filter for Content-Type that would discard any requests not matching multipart/form-data . Web application firewall rules to block such requests are also available from various vendors