Not just one patch, but a whole batch!: Patch Tuesday - Week 2, February 2019

Adobe

The multimedia software maker fixed 75 critical vulnerabilities found across all its popular products. Out of this, 43 flaws were from Adobe Acrobat and Reader.

Adobe also issued a temporary fix to a serious zero-day vulnerability that allowed attackers to steal hashed password values. Other products include Adobe Flash Player, Adobe ColdFusion, and Adobe Creative Cloud Desktop Application. Users can read the security advisories on the Adobe website.

Apple

Apple has released three major updates for iOS 12.1.4 and macOS Mojave 10.14.3. These updates fixed a total of 9 vulnerabilities were patched. Flaws included escalated privilege, sandbox bugs, and arbitrary code execution on Apple devices. The company has also fixed the infamous Group Facetime bug.

Learn more about the updates at the Apple website.

AWS

The cloud computing platform provider has acknowledged a container runtime vulnerability affecting its container management systems. AWS has advised users to keep the following services updated.

• Amazon Linux
• Amazon Elastic Container Service (Amazon ECS)
• Amazon Elastic Container Service for Kubernetes (Amazon EKS)
• AWS Fargate
• AWS IoT Greengrass
• AWS Batch
• AWS Elastic Beanstalk
• AWS Cloud9
• AWS SageMaker
• AWS RoboMaker
• AWS Deep Learning AMI

The official security bulletin for the same can be found on the AWS site.

Cisco

Cisco has released a patch for a serious vulnerability that existed in one of its products. This flaw enabled attackers to gain unauthorized access in the web interface of Cisco Network Assurance Engine (NAE). The company informed that the flaw was due to a fault in the password management system of NAE.

You can find the information on the patch at the Cisco site.

Microsoft

In its February security release, Microsoft issued updates for 13 software. Altogether, 22 serious vulnerabilities were addressed with these software updates.

Following are the software covered with the latest security updates:

• Adobe Flash Player
• Internet Explorer
• Microsoft Edge
• Microsoft Windows
• Microsoft Office and Microsoft Office Services and Web Apps
• ChakraCore
• .NET Framework
• Microsoft Exchange Server
• Microsoft Visual Studio
• Azure IoT SDK
• Microsoft Dynamics
• Team Foundation Server
• Visual Studio Code

The February 2019 Security Updates release notes can be found here.

SAP

As part of its ‘Security Patch Day’, SAP released 13 security notes for its products. This saw 14 vulnerabilities being patched. Most of the vulnerabilities were related to cross-site scripting (XSS) and missing authentication checks in SAP products.

The Patch Day Security notes for February 2019, can be found here.

Ubuntu

Ubuntu released patches for three new vulnerabilities as listed below.

• USN-3888-1: GVfs vulnerability - Systems running Ubuntu 18.10 & 18.04 LTS were affected. The flaw allowed unauthorized access to sensitive information.
• USN-3887-1: snapd vulnerability - Systems running Ubuntu 18.10, 18.04 LTS, 16.04 LTS & 14.04 LTS were affected. The flaw allowed software packaging tool snapd to take over programs as an administrator.
• USN-3886-1: poppler vulnerabilities - Systems running Ubuntu 18.10, 18.04 LTS, 16.04 LTS & 14.04 LTS were affected. Flaw could allow denial-of-service attack through poppler program.