About the security content of iPadOS 17.7.3 – Apple Support

December 11, 2024 at 01:33PM Apple’s iPadOS 17.7.3 update, released on December 11, 2024, addresses multiple vulnerabilities (CVE-2024-44201, CVE-2024-54486, among others) affecting iPad Pro 12.9-inch (2nd gen), iPad Pro 10.5-inch, and iPad 6th gen. Issues include memory disclosure, kernel state leakage, denial of service, and unexpected crashes. Apple ID: 121838. Release …

About the security content of macOS Ventura 13.7 – Apple Support

October 15, 2024 at 01:28PM Apple’s macOS Ventura 13.7 release includes multiple security updates addressing various vulnerabilities. Key issues involve potential leaks of sensitive user data, app access to protected file systems, buffer overflow risks, and improper handling of permissions and privacy data. Updates are available to mitigate these risks. …

Security Upgrades Available for 3 HPE Aruba Networking Bugs

September 26, 2024 at 04:26PM HPE Aruba Networking addressed three critical vulnerabilities (CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507) that could allow remote code execution by unauthenticated attackers on Aruba access points. The bugs impact devices running AOS-8 and AOS-10, prompting the recommendation for administrators to install updates to prevent potential attacks. Other Aruba products are not affected. …

D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers

September 16, 2024 at 10:29AM D-Link has patched critical vulnerabilities in three popular wireless router models, impacting consumers seeking high-end WiFi 6 routers and mesh networking systems. The vulnerabilities allow remote attackers to execute arbitrary code or access devices using hardcoded credentials. D-Link advises firmware upgrades to fix the flaws and criticizes the third party for publicly …

Ivanti fixes maximum severity RCE bug in Endpoint Management software

September 10, 2024 at 03:37PM Ivanti has patched a critical vulnerability (CVE-2024-29847) in its Endpoint Management software that could allow unauthenticated attackers to execute remote code on the core server. The company has also addressed almost two dozen other high and critical severity flaws in its products. Ivanti has seen a rise in fixed flaws …

Adobe Patches Critical, Code Execution Flaws in Multiple Products

September 10, 2024 at 12:57PM Adobe released patches for 28 security vulnerabilities across its products, warning of code execution attacks on both Windows and macOS systems. The most pressing issue affects Acrobat and PDF Reader, with two memory corruption vulnerabilities allowing arbitrary code execution. A critical Adobe ColdFusion flaw (CVE-2024-41874) with a severity score of …

SAP Releases 16 New Security Notes on September 2024 Patch Day

September 10, 2024 at 10:27AM SAP released 16 new and updated security notes in September 2024. The updates addressed critical, high, and medium-severity vulnerabilities in various software applications. These include fixes for issues such as missing authorization checks, information disclosure, and cross-site scripting. SAP advises users to apply the fixes promptly and notes no exploitation …

Progress LoadMaster vulnerable to 10/10 severity RCE flaw

September 9, 2024 at 02:57AM Progress Software has issued an emergency fix for a critical vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant products, allowing remote command execution. Based on the meeting notes, it appears that Progress Software has issued an emergency fix for a critical severity vulnerability affecting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor …

Zyxel warns of critical OS command injection flaw in routers

September 3, 2024 at 03:59PM Zyxel released security updates for a critical vulnerability affecting various business routers, allowing unauthenticated attackers to execute OS commands. The flaw, tracked as CVE-2024-7261, has a CVSS v3 score of 9.8. Additionally, multiple high-severity flaws in ATP and USG FLEX firewalls were addressed through security updates. Detailed information is available …

Versa fixes Director zero-day vulnerability exploited in attacks

August 26, 2024 at 12:16PM Versa Networks resolved a zero-day vulnerability through a security update after detecting its exploitation. The flaw impacted the Versa Director platform and could be leveraged by threat actors to upload corrupted files. The company urged affected customers to enhance system security and update their installations to protect against potential attacks. …