Adobe has released security updates that fix critical vulnerabilities, to include one zero-day bug, in its Flash Player for Windows, Macintosh, Linux and Chrome OS.
Security Updates & Patches
Intel said the root cause of the reboot issues have been identified. To that end, the company said customers and partners should not install its current versions of Spectre/Meltdown patches rolled out earlier this month as they “may introduce higher than expected reboots and other unpredictable system behavior.”
Intel made an update yesterday to previously issued security advisory on the Spectre/Meltdown ‘speculation execution’ vulnerabilities that could cause information disclosure on systems running Intel processors.
Oracle has released its Critical Patch Update Advisory for January 2018. The update includes 237 new security fixes for multiple Oracle products to include Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) Intel processor vulnerabilities.
Microsoft issued January 2018 Security Updates that includes patches to fix 16 critical bugs in Microsoft products Office, Word and SharePoint.
Apple released macOS High Sierra 10.13.2 Supplemental Update that includes security improvements to Safari and WebKit to mitigate the effects of Spectre vulnerability (CVE-2017-5753 and CVE-2017-5715). Apple also provided a security update for Safari 11.0.2 for OS X El Capitan 10.11.6 and macOS Sierra 10.12.6, with fixes for the same Spectre vulnerabilities. The MacOS High Sierra update will already upgrade Safari to version 11.0.2 (13604.4.7.1.6) or version 11.0.2 …
Software and hardware vendors have issued advisories and fixes for “Spectre” (speculative execution side-channel attack) and “Meltdown” vulnerabilities, related to recently disclosed CPU processor design flaws.
US-CERT issued a security update regarding the latest Intel processor design flaws. According to the vulnerability note, the CPU hardware implementations are vulnerable to side-channel attacks. The two vulnerabilities are referred to as Meltdown and Spectre. An excerpt from the advisory: “CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. These attacks are described in detail by Google Project …
An OpenEMR vulnerability could expose millions of medical records to attackers. The flaw has been patched with OpenEMR 5.0.0 Patch 6 a couple of weeks ago. Unpatched versions could allow an attacker to steal patient records and personal data by exploiting the vulnerability in the setup.php installation script. OpenEMR is a popular open source electronic health records and medical practice …
On Tuesday, Microsoft issued patches to address 53 vulnerabilities, to include 20 critical fixes, as part of November security updates. Also noteworthy was four of the fixes addressed vulnerabilities with known public exploits (CVE-2017-11848, CVE-2017-11827, CVE-2017-11883 and CVE-2017-8700).