![]() ![]() Security researchers believe mass exploitation attempts against WS_FTP have begun.Chrome zero-day bug that is actively being abused by bad folks affects Edge, Vivaldi, and other Chromium-tinged browsers.New VS Code release hits stable channel for everyone who's not on Apple Silicon after last-minute bug found.In case there was any doubt about using legacy Edge, Microsoft 365 throws its weight behind WebView2.Like the latest one added to CISA's KEV Catalog, this was also a heap buffer overflow issue but affected a different open source library, libwebp, one developed by Google to encode and decode WebP images. Google has been busily patching zero-days in Chrome throughout September, including a similar-looking vulnerability at the start of the month, tracked as CVE-2023-4863. Users should upgrade to versions 1.9.0-1+deb11u1 and 1.12.0-1+deb12u1 respectively to secure against CVE-2023-5217. It additionally revealed that "certain versions" of Microsoft Teams and Skype are also vulnerable to CVE-2023-5217, saying "Microsoft is working to identify and address this vulnerability as soon as possible."ĭebian has released security updates for its oldstable (bullseye) and stable (bookworm). Microsoft's advisory indicated that its Chromium-based Edge browser was originally vulnerable to the bug too, but has been secured in the latest stable and extended stable versions, 1.47 and 1.98 respectively. The scope of the vulnerability is wider than only Google Chrome, just as it was originally thought.Īrch Linux provided a list of the 29 open source packages that require libvpx. Google's advisory instructed users to apply its stable channel update for Windows, Mac, and Linux – version 1.132 – which will be made available "over the coming days and weeks". "CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria," it added. ![]() Patch nowĪlthough the mitigation deadlines outlined in the KEV Catalog apply only to FCEB agencies, CISA urged all organizations to apply the recommended fixes in a "timely" way. "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA said in its alert. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |