Apple Releases Security Updates for Multiple Products
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.
CISA encourages users and administrators to review the following advisories and apply the necessary updates.
watchOS 8.8.1
macOS Big Sur 11.7.8
macOS Monterey 12.6.7
iOS 15.7.7 and iPadOS 15.7.7
watchOS 9.5.2
macOS Ventura 13.4.1
iOS 16.5.1 and iPadOS 16.5.1
ISC Releases Security Advisories for Multiple Versions of BIND 9
The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions.
CISA encourages users and administrators to review the following ISC advisories CVE-2023-2828, CVE-2023-2829, and CVE-2023-2911 and apply the necessary mitigations.
Juniper Networks Releases Security Advisory for Junos OS and Junos OS Evolved
Juniper Networks has released a security advisory that addresses a vulnerability in Junos OS and Junos OS Evolved. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.
CISA encourages users and administrators to review the Juniper Security Advisory for CVE-2023-0026 and apply the necessary updates.
CISA Adds Six Known Exploited Vulnerabilities to Catalog
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-20887 VMware Aria Operations for Networks Command Injection Vulnerability
CVE-2020-35730 Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability
CVE-2020-12641 Roundcube Webmail Remote Code Execution Vulnerability
CVE-2021-44026 Roundcube Webmail SQL Injection Vulnerability
CVE-2016-9079 Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability
CVE-2016-0165 Microsoft Win32k Privilege Escalation Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort by descending dates.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
“Condi” propagado mediante dispositivos TP-Link
El equipo de investigación de FortiGuard ha descubierto recientemente, muestras de un Botnet de DDoS-as-a-service denominado “Condi” el cual utiliza una vulnerabilidad en routers Archer AX21 de TP-Link. La vulnerabilidad es cuestión ha sido rastreada como CVE-2023-1389 y fue revelada a mediados de marzo del 2023. La vulnerabilidad rastreada como CVE-2023-1389 es una vulnerabilidad en […]