December 12, 2023 at 07:47PM
The final Patch Tuesday of 2023 requires updates for Windows, Adobe, Google, Cisco, FortiGuard, SAP, VMware, Atlassian, and Apple products. Apple issued emergency fixes for vulnerabilities in iOS devices, Macs, Apple TV, and Apple Watch. Microsoft released over 30 patches, including fixes for critical vulnerabilities. Adobe addressed 212 vulnerabilities. Google’s Android security update fixed 85 vulnerabilities, with three possibly under targeted exploitation. SAP, Atlassian, Cisco, Apache Struts, VMware, and FortiGuard also released security patches for various products.
Key takeaways:
Apple:
– Two concerning vulnerabilities were disclosed by Apple.
– The vulnerabilities impact the WebKit web browser engine and older iPhones, iPads, Apple Watches, and Apple TVs.
– Apple issued emergency fixes at the end of November to address security problems in some devices.
Microsoft:
– Microsoft closed out the year with over 30 Windows patches; four are rated critical.
– The critical-severity bugs could be abused for remote code execution (RCE).
– One vulnerability affects the web server component of Microsoft Power Platform and Azure Logic Apps.
Adobe:
– Adobe addressed 212 vulnerabilities in nine patches across various products.
– The bulk of the bugs (185 CVEs) are in Experience Manager and are important- or moderate-rated cross-site scripting (XSS) bugs.
Google and Qualcomm:
– Google’s December security updates for Android fix 85 vulnerabilities, including three that “may be under limited, targeted exploitation.”
– All three vulnerabilities affect Qualcomm components.
SAP:
– SAP released 17 new and updated security patches, including four HotNews Notes and four High Priority Notes.
Atlassian, Cisco, and Apache Struts:
– Atlassian pushed updates to fix five high-severity 7.5-rated CVEs, all of which are denial-of-service flaws affecting various products.
– Cisco published a security advisory about a vulnerability in Apache Struts that may affect a long list of its products containing the software.
VMware and FortiGuard:
– VMware fixed a moderate-rated privilege escalation vulnerability in its VMware Workspace ONE Launcher product.
– FortiGuard fixed a double-free vulnerability in the FortiOS and FortiPAM HTTPSd daemon.