Apple releases security updates to prevent numerous vulnerabilities

Situation: Apple has released security updates across its software platforms to prevent numerous vulnerabilities.

Problem: Apple has found multiple vulnerabilities in iTunes for Windows, iPadOS, iOS, Safari, watchOS, tvOS, macOS Catalina, macOS Mojave, macOS High Sierra, and Xcode. These could allow remote takeover or control of the devices and software.

Implication: A remote attacker could exploit these vulnerabilities in the unpatched software and take control of the device, steal information, or use the device to pivot into the network it is hosted on.

Need: Users are encouraged to apply all updates and ensure they are properly installed. In some cases, devices will need to be rebooted for proper installation.

Learn More: https://www.us-cert.gov/ncas/current-activity/2020/03/25/apple-releases-security-updates

Type 1 Font Parsing Remote Code Execution Vulnerability

Situation: Microsoft is working on patching a critical vulnerability in the way Windows handles and renders fonts, found in Windows 8.x, Windows Server 2008, Windows Server 2008R2, Windows Server 2012, and Windows Server 2012R2 systems. No patch is currently available, but one is expected to be released during the next Patch Tuesday. Windows 7 systems are vulnerable, but only certain Enterprise customers with extended Security Support will receive patches for Windows 7 systems. This vulnerability also affects the Windows 10 family of clients and servers, but the threat is low for those systems.

Problem: There is a vulnerability in Windows when the Adobe Type Manager Library improperly handles a specially-crafted multi-master font, which allows a remote attacker to craft a malicious document with malicious code embedded within it. When the user previews the file in the Windows Preview pane or opens the document, it will run the malicious code and potentially compromise the machine.

Implication: Using a targeted attack, a remote attacker could send a document file with malicious code that executes on the machine when the file is viewed in the Windows Preview pane or when the document is opened.

Need: Microsoft recommends patching all affected systems when patches are available. For users with Windows 7 systems, Microsoft recommends upgrading to a supported version of the Windows 10 family of clients and servers. For additional information please visit: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006#march-23-flaw