Overview
ownCloud have released security advisories to address three critical vulnerabilities (CVE-2023-49103, CVE-2023-49105 and CVE-2023-49104), with base scores of 10.0, 8.7 and 9.8 respectively. Affected platforms are graphapi 0.2.0 – 0.3.0, core 10.6.0 – 10.13.0, and all oauth2 versions prior to 0.6.1. CVE-2023-49103 allows unauthenticated, remote attackers to access information, including ownCloud administration passwords, mail server credentials, and license keys. There is evidence of active exploitation in the wild. CVE-2023-49105 allows attackers to redirect call-backs to a Top Level Domain controller. CVE-2023-49104 could allow unauthorised attackers to access, modify, or delete files if the username is known, and there is no configured signing-key.
Foxit has released security updates to address multiple vulnerabilities in Foxit Reader and Foxit PDF Editor. All vulnerabilities can be exploited, allowing attackers to perform remote code execution. Six vulnerabilities (CVE-2023-38573, CVE-2023-32616, CVE-2023-35985, CVE-2023-41257, CVE-2023-40194 and CVE-2023-39542) have an assigned base score of 8.8.
Apple has released security updates to address two vulnerabilities (CVE-2023-42916 and CVE-2023-42917) affecting the following platforms:
- Safari – all versions prior to 17.1.2
- iOS – all versions prior to 17.1.2
- iPadOS – all versions prior to 17.1.2
- macOS Sonoma – all versions prior to 14.1.2
CVE-2023-42916 can allow attackers to access and read sensitive, confidential information. CVE-2023-42917 could allow attackers to perform arbitrary code execution, giving them the capability to establish complete control over the targeted system.
Atlassian has released an update to their Assets Discovery (formerly Insight Discovery) scanning tool that addresses the vulnerability CVE-2023-22523. This is a critical vulnerability with a CVSS score of 9.8, which allows for Remote Code Execution (RCE).
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
- ownCloud – Security Advisory
- Foxit – Security Bulletin
- Apple – Security Advisory
- Atlassian – Security Advisory
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.