1 of 2: Vulnerability uncovered in Kubernetes open-source container software
Situation
A critical privilege-escalation vulnerability (CVE-2018-1002105) has been uncovered in the Kubernetes open-source container software.
Problem
A hacker can send specially crafted requests to establish a connection through the Kubernetes API server to backend servers. Once that connection is established, nothing checks the arbitrary requests the attacker then sends directly to those backends over it, because the requests are automatically authenticated with the Kubernetes API server’s TLS credentials that were used to set up the initial connection.
Implication
An attacker can gain deep access into the cloud infrastructure and carry out any number of nefarious actions, including data heists, installing malware, espionage and recon, or altering production workloads for sabotage purposes.
Need
Kubernetes has issued updates to address the flaw, and individual distributions such as Red Hat's OpenShift are releasing updates, so users should patch their systems ASAP.
2 of 2: Critical vulnerability found in Adobe Flash Player
Situation
A critical vulnerability has been found in Adobe Flash Player.
Problem
The vulnerability, CVE-2018-15982, is a use-after-free flaw that enables arbitrary code execution in Flash.
Implication
Successful exploitation could give the attacker command-line access and the ability to escalate their privileges.
Need
Adobe has released a patch for the vulnerability for Windows, Mac, Linux and Chrome OS. Users should patch ASAP.