Apple has released security updates for iOS 13.3 and macOS Catalina 10.15.2, as well as other products to include Safari, watchOS, tvOS, iTunes, iCloud and Xcode.
Adobe has released security updates for multiple products to include Adobe Acrobat and Reader, Photoshop CC, ColdFusion and Brackets.
Google has released Chrome 79 (version 79.0.3945.79) for Windows, Mac and Linux. The update includes a number of fixes and improvements in the popular browser. The company also added a Chrome browser update for Android.
Microsoft issued the December 2019 Security Updates that include 36 unique vulnerability fixes, 7 of those rated critical and 29 rated important. One of the patches addresses a Win32k vulnerability under active attack in the wild.
VMware has released security updates to address a Critical OpenSLP remote code execution vulnerability (CVE-2019-5544) in ESXi and Horizon DaaS.
Microsoft has issued a security advisory for vulnerability CVE-2017-15361 that impacts certain Trusted Platform Module (TPM) chipsets and used for Windows Hello for Business. The company issued steps to detect and mitigate the issue.
The Mozilla Foundation has released Firefox 71 that addresses multiple vulnerabilities. Attackers could exploit some of the vulnerabilities to take control of impacted systems.
Researchers at FireEye have spotted an uptick in active exploits of CVE-2017-11774, an Outlook security feature bypass vulnerability. Attackers are also actively reversing Outlook vulnerability patch functionality. To help protect against such exploits, FireEye has provided Outlook hardening guidelines.
Security researchers have discovered a dangerous Android vulnerability dubbed “StrandHogg” under active attack by dozens of malicious apps. To add, 500 of the most popular apps may also be vulnerable to the StrandHogg vulnerability.
The National Institute of Standards and Technology (NIST) has issued new Security-Focused Configuration Management of Information Systems guidelines (SP 800-128).