Overview
Adobe has released three updates to address multiple vulnerabilities. A critical vulnerability (CVE-2023-26369) is currently being exploited by threat actors.
Mozilla has released a security update to fix a zero-day vulnerability in Mozilla Firefox and Thunderbird. This critical vulnerability (CVE-2023-4863) could lead to a heap buffer overflow if a WebP image is opened.
Cisco has disclosed a zero-day vulnerability (CVE-2023-20269) that affects the VPN feature in both the Cisco Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. A successful attack could lead to the identification of credentials, which could then be used by the attacker to initiate a remote-access VPN session. If an old version of the software is used, i.e. Cisco ASA Software Release 9.16 or prior, the attacker could establish a clientless SSL VPN session.
Apple is releasing the latest version of iOS. iOS 17 includes enhanced security features such as a 'Lockdown Mode' designed to help protect against sophisticated cyber attacks.
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
Adobe – Latest Product Security Updates
Mozilla – Security Advisory
Cisco – Security Advisory
Apple – iOS 17 Guide
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.