Highlights and Updates

Mozilla Releases Security Updates for Firefox, Firefox for Android, and Firefox ESR

Thursday, 7th January 2021

Mozilla has released security updates to address a vulnerability in Firefox, Firefox for Android, and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. 

We encourage users and administrators to review the Mozilla Security Advisory and apply the necessary updates..

Google Releases Security Updates for Chrome

Wednesday, 6th January 2021

Google has released Chrome version 87.0.4280.141 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

We encourage users and administrators to review the Chrome Release and apply the necessary updates.

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Wednesday, 16th December 2020

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. 

We encourage users and administrators to review the Mozilla Security Advisories for Firefox 84Firefox ESR 78.6, and Thunderbird 78.6 and apply the necessary updates. 

Apple Releases Security Updates for Multiple Products

Tuesday, 15th December 2020

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

·         iOS 14.3 and iPadOS14.3

·        macOS Server 5.11

·        iOS 12.5

·        tvOS 14.3

·        watchOS 6.3

·        Safari 14.0.2

·        watchOS 7.2

·        macOS Big Sur 11.1,Security Update 2020-001 Catalina, Security Update 2020-007 Mojave

Adobe Releases Security Updates for Acrobat and Reader

Thursday, 10th December 2020

Adobe has released security updates to address a vulnerability in Acrobat and Reader. An attacker could exploit this vulnerability to obtain sensitive information.

We encourage users and administrators to review Adobe Security Bulletin APSB20-75 and apply the necessary updates.

OpenSSL Releases Security Update

Thursday, 10th December 2020

OpenSSL has released a security update to address a vulnerability affecting all versions of 1.0.2 and1.1.1 released before version 1.1.1i. An attacker could exploit this vulnerability to cause a denial-of-service condition.

We encourage users and administrators to review the OpenSSL Security Advisory and apply the necessary update.

Apache Releases Security Update for Apache Struts 2

Tuesday, 8th December 2020

The Apache Software Foundation has released a security update to address a vulnerability in Apache Struts versions 2.0.0 to 2.5.25. A remote attacker could exploit this vulnerability to take control of an affected system.

We encourage users and administrators to review Apache Security Bulletin S2-061 and Apache security advisory for CVE-2020-17530 and apply the necessary update or workaround.

Microsoft Releases December 2020 Security Updates

Tuesday, 8th December 2020

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review Microsoft’s December 2020 Security Update Summary and Deployment Information and apply the necessary updates.

High-Severity Chrome Bugs Allow Browser Hacks

Monday, 7th December 2020

Google has updated its Chrome web browser, fixing four bugs with a severity rating of “high” and eight overall.

Three high-severity bugs each include use-after-free elements impacting memory, tied to Chrome’s clipboard, media and extensions components. The bugs are tracked as CVE-2020-16037, CVE-2020-16038 and CVE-2020-16039.

The fourth high-severity bug (CVE-2020-16040) impacts Google’s open-source and high-performance JavaScript and Web Assembly engine, called V8.

The bug is identified as an insufficient-data-validation flaw, which in some cases opens targets to cross-site scripting attacks.

To manually update your Chrome browser, visit Chrome’s customization drop-down menu in the upper-right hand side of the client. From that menu select “Help” and then “About Google Chrome.” Opening that menu item automatically triggers Chrome to look for updates.

Cisco Releases Security Updates for Security Manager

Tuesday, 17th November 2020

Cisco has released security updates to address vulnerabilities in Cisco Security Manager. A remote attacker could exploit these vulnerabilities to obtain sensitive information.

We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates.