Please see Security Advisories for the week ending June 18, 2021
- Google Releases Security Updates for Chrome
- Cisco Releases Security Updates for Multiple Products
- Apple Releases Security Updates for iOS 12.5.4
_______________________________
Google Releases Security Updates for Chrome
Situation
Google has released Chrome version 91.0.4472.114 for Windows, Mac, and Linux. The Stable channel update will roll out over the coming days/weeks.
Problem
This update includes 4 security fixes:
- High CVE-2021-30554: Use after free in WebGL (Google is aware that an exploit for CVE-2021-30554 exists in the wild)
- High CVE-2021-30555: Use after free in Sharing
- High CVE-2021-30556: Use after free in WebAudio
- High CVE-2021-30557: Use after free in TabGroups
Note: Access to bug details and links may be kept restricted until most users are updated with a fix.
Implication
An attacker could exploit these vulnerabilities to take control of an affected system.
Need
CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2021/06/18/google-releases-security-updates-chrome
For a more technical overview:
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html
________________________________
Cisco Releases Security Updates for Multiple Products
Situation
Cisco has released security updates to address vulnerabilities in multiple Cisco products, specifically: Cisco Email Security Appliance & Web Security Appliance, Cisco DNA Center, Cisco Small Business 220 Series Smart Switches, Cisco AnyConnect Secure Mobility Client, Cisco Meeting Server, Cisco Jabber Desktop and Mobile Client, and Cisco Unified Intelligence Center.
Problem
These vulnerabilities include certificate validation (Cisco Email Security Appliance, Web Security Appliance, and Cisco DNA Center), module DLL hijacking (Cisco AnyConnect Secure Mobility Client), API Denial of Service (Cisco Meeting Server), reflected cross-site scripting (Cisco Unified Intelligence Center), and shared file manipulation (Cisco Jabber Desktop and Mobile Client).
Implication
An attacker could exploit these vulnerabilities to take control of an affected system.
Need
CISA encourages users and administrators to review the relevant Cisco advisories and apply the necessary updates where applicable.
For a brief overview:
For a more technical overview:
https://tools.cisco.com/security/center/publicationListing.x
________________________________
Apple Releases Security Updates for iOS 12.5.4
Situation
Apple has released security updates to address vulnerabilities in iOS 12.5.4.
Problem
These vulnerabilities include memory corruption issues (CVE-2021-30737 and CVE-2021-30761) and use-after-free issues (CVE-2021-30762) that could lead to arbitrary code execution on the following devices: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod Touch (6th generation).
Implication
An attacker could exploit these vulnerabilities to take control of an affected system.
Need
CISA encourages users and administrators to review the Apple security update and apply the necessary updates.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2021/06/15/apple-releases-security-updates-ios-1254
For a more technical overview: