Highlights and Updates

Google Releases Security Updates for Chrome

Tuesday, 27th April 2021

Google has released Chrome version 90.0.4430.93 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

We encourage users and administrators to review the Chrome Release Note and apply the necessary updates.

Oracle Releases April 2021 Critical Patch Update

Tuesday, 20th April 2021

Oracle has released its Critical Patch Update for April 2021 to address 384 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review the Oracle April 2021 Critical Patch Update and apply the necessary updates.

VMware Releases Security Update

Tuesday, 20th April 2021

VMware has released a security update to address a vulnerability affecting NSX-T. An attacker can exploit this vulnerability to take control of an affected system

We encourage users and administrators to review VMSA-2021-0006 and apply the necessary update and workaround.

Google Releases Security Updates for Chrome

Tuesday, 13th April 2021

Google has updated the stable channel for Chrome to 89.0.4389.128 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

We encourage users and administrators to review the Chrome release and apply the necessary changes.

Critical Cloud Bug in VMWare Carbon Black Allows Takeover

Monday, 12th April 2021

A critical security vulnerability in the VMware Carbon Black Cloud Workload appliance would allow privilege escalation and the ability to take over the administrative rights for the solution.The bug (CVE-2021-21982) ranks 9.1 out of 10 on the CVSS vulnerability-severity scale. The VMware Carbon Black Cloud Workload platform is designed to provide cybersecurity defence for virtual servers and workloads that are hosted on the VMware’s vSphere platform. vSphere is VMware’s cloud-computing virtualization platform.

Apple Mail Zero-Click Security Vulnerability Allows Email Snooping

Tuesday, 6th April 2021

CVE-2020-9922 can be triggered just by sending a target an email with two .ZIP files attached.

A zero-click security vulnerability in Apple’s macOS Mail would allow a cyber attacker to add or modify any arbitrary file inside Mail’s sandbox environment, leading to a range of attack types.

CVE-2020-9922 is rated 6.5 on the CVSS vulnerability-severity scale, making it medium-severity, but the researcher stressed that successful exploitation could “lead to many bad things.”

Citrix Releases Security Updates for Hypervisor

Thursday, 1st April 2021

Citrix has released security updates to address vulnerabilities in Hypervisor (formerly Xen Server).An attacker could exploit some of these vulnerabilities to cause a denial-of-service condition.

We encourage users and administrators to review Citrix Security Update CTX306565 and apply the necessary updates.

Google Releases Security Updates for Chrome

Wednesday, 31st March 2021

Google has released Chrome version 89.0.4389.114 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

We encourage users and administrators to review the Chrome Release Note and apply the necessary updates.

VMware Releases Security Updates

Wednesday, 31st March 2021

VMware has released security updates to address multiple vulnerabilities affecting vRealize Operations, Cloud Foundation, and vRealize Suite Lifecycle Manager. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review VMware Security Advisory VMSA-2021-004 and apply the necessary updates or workarounds.

Microsoft Releases March 2021 Security Updates

Wednesday, 10th March 2021

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review Microsoft’s March 2021 Security Update Summary and Deployment Information and apply the necessary updates.