Apple Releases Security Patch for WebKit Vulnerability
Description:
Apple has issued security updates for iOS, macOS, and iPadOS patching a zero-day vulnerability in its WebKit browser engine. The update addresses CVE-2022-22620. Details of the vulnerability have not yet been disclosed. At the moment, Apple has said only that the vulnerability belongs to the use-after-free class, meaning the program keeps using dynamically allocated memory after it has been freed. Apple says it is fixed through improved memory management.
CVE-IDs:
CVE-2022-22620
Source:
Impact:
A threat actor can craft malicious web content which, when processed, may lead to arbitrary code execution.
Suggestions and Recommendations:
Apple has released a patch for the vulnerability. All Apple users are strongly advised to install the latest available update.
Critical Zero-Day Vulnerability Patch Released by Adobe
Description:
Adobe has released security updates for its Commerce and Magento Open Source products. The vulnerability, tracked as CVE-2022-24086, was disclosed by Sansec and has been characterized as Improper Input Validation. It can be weaponized to achieve arbitrary code execution and affects Adobe Commerce and Magento Open Source 2.4.3-p1 and earlier versions, as well as 2.3.7-p2 and earlier versions. Adobe Commerce 2.3.3 and lower are not vulnerable.
CVE-IDs:
CVE-2022-24086
Source:
Critical Magento 0-Day Vulnerability Under Active Exploitation — Patch Released (thehackernews.com)
Impact:
An attacker can leverage the vulnerability to achieve arbitrary code execution.
Suggestions and Recommendations:
This vulnerability is being actively exploited. If you use these products, we recommend installing the latest patch.
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software
Description:
Cassandra is a highly scalable, distributed NoSQL database that is extremely popular due to the benefits of its distributed nature. Cassandra is used by enterprises such as Netflix, Twitter, Urban Airship, Constant Contact, Reddit, Cisco, OpenX, Digg, CloudKick, Ooyala, and more. Cassandra is also extremely popular in DevOps and cloud-native development circles, as can be seen by its support in CNCF projects (such as Jaeger).
Some companies even provide cloud-based turnkey solutions based on Cassandra, such as DataStax (a serverless, multi-cloud DBaaS).
CVE-IDs:
CVE-2021-44521
Source:
CVE-2021-44521: RCE Vulnerability in Apache Cassandra (jfrog.com)
Impact:
It could be abused to gain remote code execution on affected installations.
Suggestions and Recommendations:
We highly recommend that all Apache Cassandra users upgrade to one of the following versions, which resolve CVE-2021-44521:
- 3.0.x users should upgrade to 3.0.26
- 4.0.x users should upgrade to 4.0.2
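The Adobe version boundaries given earlier ("2.4.3-p1 and earlier", "2.3.7-p2 and earlier", "2.3.3 and lower not vulnerable") and the Cassandra fix versions just listed are exactly the comparisons a patch-triage script has to get right, including Adobe's "-pN" suffix, where 2.4.3-p1 is newer than 2.4.3. The following Python script is an added example, not code from this bulletin, Adobe, Apache or JFrog. The product keys, the inventory lines and the 2.3.4 / 2.4.0 lower bounds of the Adobe ranges are constructed assumptions, and branches the bulletin does not mention (for example Cassandra 3.11.x) are reported as "not covered" rather than guessed.

```python
import re
from typing import Dict, List, Tuple

# Four-component version: (major, minor, patch, p-suffix). Adobe's "2.4.3-p1"
# becomes (2, 4, 3, 1) and plain "2.4.3" becomes (2, 4, 3, 0), so ordinary
# tuple comparison orders 2.4.3 < 2.4.3-p1 < 2.4.4, as the vendor intends.
Version = Tuple[int, int, int, int]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")


def parse_version(text: str) -> Version:
    """Parse 'X.Y.Z' or 'X.Y.Z-pN' into a comparable tuple."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, suffix = match.groups()
    return (int(major), int(minor), int(patch), int(suffix or 0))


V = parse_version  # short alias for the tables below

# CVE-2022-24086: affected ranges as inclusive (low, high) pairs. The upper
# bounds are the bulletin's ("2.4.3-p1 and earlier", "2.3.7-p2 and earlier");
# the lower bounds are assumptions: 2.3.4 follows from "2.3.3 and lower are
# not vulnerable", and 2.4.0 is assumed to be the start of the 2.4 branch.
ADOBE_AFFECTED: List[Tuple[Version, Version]] = [
    (V("2.3.4"), V("2.3.7-p2")),
    (V("2.4.0"), V("2.4.3-p1")),
]

# CVE-2021-44521: first fixed release per (major, minor) branch, as listed in
# the bulletin. Branches absent here are reported as "not covered".
CASSANDRA_FIXED: Dict[Tuple[int, int], Version] = {
    (3, 0): V("3.0.26"),
    (4, 0): V("4.0.2"),
}


def assess(product: str, version: str) -> str:
    """Return 'affected', 'not affected' or 'not covered' for one install."""
    v = parse_version(version)
    if product == "adobe-commerce":  # constructed product key
        for low, high in ADOBE_AFFECTED:
            if low <= v <= high:
                return "affected"
        return "not affected"  # below 2.3.4 or newer than the last affected build
    if product == "cassandra":  # constructed product key
        fixed = CASSANDRA_FIXED.get(v[:2])
        if fixed is None:
            return "not covered"  # e.g. 3.11.x: the bulletin lists no fix version
        return "affected" if v < fixed else "not affected"
    raise ValueError(f"no rule for product {product!r}")


# Constructed inventory lines in a simple key=value format (not real hosts).
INVENTORY = """\
host=shop-01 product=adobe-commerce version=2.4.3-p1
host=shop-02 product=adobe-commerce version=2.4.3-p2
host=db-01 product=cassandra version=3.0.25
host=db-02 product=cassandra version=4.0.2
host=db-03 product=cassandra version=3.11.11
"""


def triage(inventory: str) -> Dict[str, str]:
    """Map each host in the inventory text to its assessment."""
    results: Dict[str, str] = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        fields = dict(item.split("=", 1) for item in line.split())
        results[fields["host"]] = assess(fields["product"], fields["version"])
    return results


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

The asymmetry in the two rule tables is deliberate: the Adobe advisory text gives upper bounds of affected ranges, while the Cassandra text gives lower bounds of fixed releases, and a checker that treats both as the same kind of threshold will misclassify the boundary versions.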
Critical Security Flaws in Moxa's MXview Web-Based Network Management System
Description:
Several security vulnerabilities affecting the Moxa MXview web-based network management system have been disclosed; software versions 3.x through 3.2.2 are affected. According to Claroty researchers, successful exploitation of these vulnerabilities may allow an unauthenticated remote attacker to execute code on the hosting machine with the highest available privileges.
CVE-IDs:
CVE-2021-38452, CVE-2021-38454, CVE-2021-38456, CVE-2021-38458, CVE-2021-38460
Source:
Impact:
Threat actors can chain these vulnerabilities to gain remote code execution.
Suggestions and Recommendations:
Moxa users are advised to upgrade to the latest version.