Skip to main content
Criminals are now using the CSC/OCSIA name to facilitate scams referring to cryptocurrency via email. We will only ordinarily communicate with you if you have raised an issue with us.

Overview

Ivanti has reported a critical vulnerability (CVE-2023-35078) that affects all versions of Ivanti Endpoint Manager Mobile (EPMM) (previously known as MobileIron Core).  If exploited, this vulnerability enables an unauthorised, remote (internet-facing) threat-actor to potentially access users’ data and make changes to servers’. Updates are now available to patch this vulnerability. 

Adobe has released a security update to fix three vulnerabilities in the Adobe Cold Fusion web development platform:

  • CVE-2023-29300: a critical vulnerability that could allow an unauthenticated attacker to perform arbitrary code executive, which means that they can gain control over an affected system to perform their own code. This vulnerability is currently being exploited by attackers;
  • CVE-2023-20298: a critical vulnerability that can allow an unauthenticated attacker to bypass Adobe security features by accessing the administration CFM and CFC endpoints;
  • CVE-2023-29301: a medium vulnerability that can allow a bypass of security features, as it undermines the restrictions on excessive authentication attempts.

Apple has reported two zero-day vulnerabilities (CVE-2023-37450 and CVE-2023-38606) affecting multiple products, including iPhones, iPadsOS, Mac computers, Apple watches and Apple TV.  These vulnerabilities are currently being exploited by threat actors.  Apple has released security updates for each affected product. 

Zimbra has reported a zero-day vulnerability (CVE-2023-38750) affecting Zimbra Collaboration Suite email servers.  This flaw could allow an attacker to carry out a reflected cross-site scripting attacks where sensitive information could be stolen or malicious code executed on affected systems.

Recommended Action

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:

Ivanti             Article

Adobe            Security Updates

Apple             Security Advisories

Zimbra           Security Center

 

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.

Topics

  • Advisory
  • Vulnerability
  • Patches and Updates