Juniper Networks has released Vulnerability-related.PatchVulnerability its first cluster of security updates for 2019 , with the patches addressing Vulnerability-related.PatchVulnerability vulnerabilities in various products developed by the US networking equipment firm . Among the 19 security advisories released on Wednesday is a critical bug impacting Vulnerability-related.DiscoverVulnerability Junos OS , the FreeBSD-based operating system used in Juniper ’ s routers . CVE-2019-0006 affects Vulnerability-related.DiscoverVulnerability Junos OS versions 14.1X53 , 15.1 , 15.1X53 , where it was found Vulnerability-related.DiscoverVulnerability that a specially crafted HTTP packet could crash the fxpc daemon or could potentially lead to remote code execution ( RCE ) . Also marked as critical is CVE-2019-0007 , which addresses Vulnerability-related.PatchVulnerability a vulnerability in vMX series virtual routers running Junos OS 15.1 . “ The vMX series software uses a predictable IP ID Sequence Number , ” said Juniper . “ This leaves the system as well as clients connecting through the device susceptible to a family of attacks. ” Patches have also been released Vulnerability-related.PatchVulnerability for eight vulnerabilities in the libxml2 software library that impact Vulnerability-related.DiscoverVulnerability Junos OS . Eight additional security updates have been released Vulnerability-related.PatchVulnerability by Juniper that feature mitigations for high-level impact bugs , while a further six deal with less severe flaws . Multiple vulnerabilities were also discovered Vulnerability-related.DiscoverVulnerability in Juniper ’ s Advanced Threat Prevention ( ATP ) cloud security service . And finally , Juniper said nearly 40 vulnerabilities have been resolved Vulnerability-related.PatchVulnerability in the Junos Space Network Management Platform 18.3R1 and 18.4R1 by upgrading Vulnerability-related.PatchVulnerability third party components or fixing Vulnerability-related.PatchVulnerability internally discovered security vulnerabilities . Commenting on the advisories , the National Cybersecurity and Communications Integration Center ( NCCIC ) , said : “ Users and administrators should review Juniper ’ s Security Advisories webpage and apply the necessary updates . ”

A severe vulnerability has been disclosed Vulnerability-related.DiscoverVulnerability in libpurple , the library used in the development of a number of popular instant messaging clients , including Pidgin and Adium for the macOS platform . Adium 1.5.10.2 is vulnerable Vulnerability-related.DiscoverVulnerability and can be exploited Vulnerability-related.DiscoverVulnerability to run arbitrary code remotely . A researcher who goes by the handle Erythronium submitted a post Vulnerability-related.DiscoverVulnerability on March 15 to the Adium developers mailing list about the issue . While there ’ s been some discussion of a fix for CVE-2017-2640 , no Adium advisory or patches have been released Vulnerability-related.PatchVulnerability . In the meantime , Erythronium told Threatpost that libpurple and Adium should no longer be used . “ Unless the [ Adium ] dev team comes out Vulnerability-related.PatchVulnerability with an advisory about this issue , a serious apology , a completely solid story about how they plan to handle future vulnerabilities in their codebase and its dependencies , and a way for people to reproduce their builds without depending on a creepy binary blob of libpurple , people should simply stop using it , ” the researcher said . “ It ’ s also very arguable that people should stop using libpurple completely , since it also lacks strong security practices in its development ” . A request for comment from two members of the Adium team was not returned in time for publication . “ Adium ’ s build process documentation does not seem to include steps for upgrading or rebuilding libpurple , and the copy of libpurple checked into Adium ’ s open-source repository as a binary blob of unknown provenance , ” Erythronium wrote in a post to the Full Disclosure mailing list . Adium is a freely available IM client for the Apple platform , and users may connect a number of other IM networks to it , including AIM , Google Talk , Yahoo Messenger and others . It ’ s written using the Cocoa API in macOS , and also supports Off the Record ( OTR ) encryption over XMPP . Libpurple is used in a number of IM programs , including Pidgin on Windows Linux and UNIX builds and Finch , a text-based IM program for Linux and UNIX . The vulnerability is an out-of-bounds write flaw that happens when invalid XML is sent by an attacker , Pidgin said in an advisory . “ Successfully exploiting this issue may allow an attacker to cause a denial-of-service condition , execute arbitrary code or perform unauthorized actions , ” said Vulnerability-related.DiscoverVulnerability a SecurityFocus advisory . The use of messaging apps that support encryption have been encouraged since the Snowden disclosures and other challenges to secure communication such as Apple vs. FBI . Adium specifically was included in a Privacy Pack recommended by the Electronic Frontier Foundation in the months following the Snowden leaks . The pack was a collection of tools for privacy conscious users , and included the Tor browser , encryption extensions for browsers , HTTPS Everywhere , and Pidgin and Adium for encrypted chats . Enterprise applications from Oracle and others could be becoming juicier targets for attackers . Developers using the Twilio platform to build enterprise mobile communications apps have put call and text data at risk for exposure . Between $ 150 million and $ 300 million in digital currency called ether remains inaccessible today after a user said he “ accidentally ” triggered a vulnerability that froze the funds in the popular Parity wallet