1 of 2: Vulnerability uncovered in Kubernetes open-source container software
A critical privilege-escalation vulnerability (CVE-2018-1002105) has been uncovered in the Kubernetes open-source container software.
An attacker can send specially crafted requests to establish a connection through the Kubernetes API server to backend servers. Once that connection is established, nothing checks what is sent over it: arbitrary requests can be sent directly to those backends, and they are automatically authenticated with the Kubernetes API server’s TLS credentials that were used to set up the initial connection.
An attacker can gain deep access into the cloud infrastructure and carry out any number of nefarious actions, including data heists, installing malware, espionage and recon, or altering production workloads for sabotage purposes.
Kubernetes has issued updates to address the flaw, and individual distributions such as Red Hat's OpenShift are releasing updates, so users should patch their systems ASAP.
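The missing check described above can be shown with a simplified model. This is an added example, not Kubernetes code and not the actual patch; every name in it (`Tunnel`, `Open`, `Send`, the paths and the authorization table) is hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Simplified model; all names are hypothetical, not Kubernetes APIs.
const proxyCred = "apiserver-client-cert" // stands in for the API server's TLS identity
var errDenied = errors.New("denied")

// allowed is a constructed authorization table: user -> backend paths they may reach.
var allowed = map[string]map[string]bool{"dev": {"/pods/web/exec": true}}

// backend trusts anything that arrives with the proxy's credential.
func backend(cred, path string) (string, error) {
	if cred != proxyCred {
		return "", errDenied
	}
	return "backend ran " + path, nil
}

// Tunnel is a connection the proxy opened to the backend on behalf of a user.
type Tunnel struct {
	user         string
	checkEachReq bool // false models the flaw: only the first request is authorized
}

// Open authorizes the initial request and then establishes the tunnel.
func Open(user, path string, checkEachReq bool) (*Tunnel, error) {
	if !allowed[user][path] {
		return nil, errDenied
	}
	return &Tunnel{user: user, checkEachReq: checkEachReq}, nil
}

// Send forwards a follow-up request over the established tunnel.
func (t *Tunnel) Send(path string) (string, error) {
	if t.checkEachReq && !allowed[t.user][path] {
		return "", errDenied
	}
	return backend(proxyCred, path) // always sent with the proxy's identity
}

func main() {
	for _, check := range []bool{false, true} {
		t, _ := Open("dev", "/pods/web/exec", check)
		out, err := t.Send("/pods/other-tenant/exec")
		fmt.Printf("checkEachReq=%v -> %q, err=%v\n", check, out, err)
	}
}
```

With `checkEachReq` set to false the backend runs a request the user was never authorized for, because it only sees the proxy's credential; with it set to true the same request is refused before it is forwarded.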
2 of 2: Critical vulnerability found in Adobe Flash Player
A critical vulnerability has been found in Adobe Flash Player.
The vulnerability, CVE-2018-15982, is a use-after-free flaw enabling arbitrary code execution in Flash.
Successful exploitation could lead to the attacker having command-line access and being able to escalate their privileges.
Adobe has released a patch for the vulnerability for Windows, Mac, Linux and Chrome OS. Users should patch ASAP.