Overview
Google has released a security update for Google Chrome addressing one critical- and three high-severity vulnerabilities. The critical vulnerability is a ‘use after free’ flaw and affects Autofill, where personal data and payment information are automatically filled in for the person completing a form. An attacker can exploit ‘use after free’ vulnerabilities to change or input data to their benefit.
Adobe has released security updates addressing vulnerabilities in Adobe Experience Manager, Adobe Commerce, Adobe Animate and Adobe Substance 3D Designer.
Citrix has released security updates addressing multiple vulnerabilities affecting Citrix ADC, Citrix Gateway, ShareFile Storage Zones and Citrix Virtual Apps and Desktops.
Progress has released new updates for MOVEit Transfer and MOVEit Cloud to fix a newly-found SQL-injection vulnerability. This vulnerability could allow an attacker to gain access remotely and possibly discover information about a MOVEit database.
Apple has released eight security advisories to address vulnerabilities in multiple products. An attacker might exploit some of these vulnerabilities to take control of a vulnerable system. The vulnerabilities may have been actively exploited in products including iOS, iPadOS, Safari, watchOS and macOS. These vulnerabilities could allow a remote attacker to execute arbitrary code.
Cisco has released security updates to address one High and four Medium severity vulnerabilities. The high severity vulnerability involves the client update feature of AnyConnect Secure Mobility Client Software for Windows and Secure Client Software for Windows and could allow a low-privileged, authenticated, local attacker to escalate privileges. It involves Duo Two-Factor Authentication for macOS, which could allow an authenticated physical attacker to bypass secondary authentication and access an affected macOS device.
Recommended Action
Organisations are encouraged to review the appropriate security-advisory pages and apply the updates:
Google - Security Update
Adobe - Security Update
Citrix - Support Knowledge Centre
Progress - Transfer article and Cloud article
Apple - Security Advisory
Cisco - Security Update
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.