15/5/2019 Security Advisory

In this advisory:

  • The WhatsApp security scare
  • Windows Updates
  • Adobe Updates
  • Apple Updates
  • Citrix Vulnerabilities
  • Debian Updates
  • RedHat Updates

The WhatsApp security scare

Recent news has surfaced with headlines claiming that millions of WhatsApp users have been compromised with a recent hack.
The truth is that the hack exploits a flaw in WhatsApp that allows an attacker to append code to the end of a call initiation signal that can covertly install software on a vulnerable system without the target knowing or even needing to interact with the device.
This active exploit has been attributed to an Israeli security contractor that has a history of selling surveillance to nation states, although some regard this as speculation.
The targets seem to be specific individuals of interest (politicians, human rights advocates, journalists etc.) and the larger WhatsApp user base does not seem to be a concern at this point. Unless you are somehow annoying a country, I don’t think you can expect to have your smartphone listening in courtesy of the WhatsApp exploit.
A patch to mitigate this security flaw has been issued and all WhatsApp users are advised to check and apply any outstanding updates. This applies to all platforms including mobile and desktop systems.

Windows Updates

The second Tuesday of the month has come and gone and we had the update fairy pay us a visit leaving some 89 patches in our update queues.
The most severe of the vulnerabilities scored a 9.8 out of 10. Of the 89 patches, 23 are rated as critical, 2 are publicly disclosed and 1 is under active exploitation.
Windows 10 1803 carries the largest number of patches (27), followed by Windows Server 2019 (25), with Windows 10 1709 (23) coming in a close-ish 3rd.
All users are strongly advised to check all systems for updates and ensure that they are applied ASAP. A restart within the next 24 hours is advised.

Adobe Updates

As usual, with a Microsoft update we expect an update from Adobe, this time covering vulnerabilities in Media Encoder, Flash Player, Acrobat, Acrobat Reader and Bridge CC, to name a few.
If you have any Adobe products, please check for updates.
If you are still using Adobe Flash Player or Adobe Shockwave by choice, you may have some life decisions to reconsider.

Apple Updates

Not to be left out of the update party, Apple has decided that it will bring updates to iOS (12.3), macOS (10.14.5), tvOS (12.3) and watchOS (5.2.1).
These updates address security issues as well as packaging in additional functionality.
Now the cool kids have something to update with the rest of us.

Citrix Vulnerabilities

Citrix Workspace app and Receiver for Windows have had a remote code execution vulnerability patched that could allow an attacker read/write access to a local drive.
If you use either application from Citrix, please check and apply updates found in the official bulletin (https://support.citrix.com/article/CTX251986).

Debian Updates

Debian has released updates for ghostscript and symfony. Go apt-get update/upgrade as soon as you can.

RedHat Updates

Updates for python, ruby, java, bind, thunderbird and others are now available for RedHat.

There have been a few bad emails getting around. Most of them are obvious with a couple needing a close look.
The same rule applies: if in doubt, let Ben sort it out.

2 comments on “15/5/2019 Security Advisory”

  1. [redacted]

    Woah! I’m really enjoying the template/theme of this site.
    It’s simple, yet effective. A lot of times it’s very hard to get that
    “perfect balance” between superb usability and visual appearance.
    I must say you have done a very good job with
    this. Also, the blog loads very quick for me on Opera.
    Superb Blog! [redacted]

    1. Ben Aylett Post author

      Thanks for the feedback. I agonised over finding the right theme for this site. I wanted to get as much content as possible on the front page for visitors and I was happy when I found this template.
