The Mozilla Foundation has released a security advisory detailing security updates to Firefox and Firefox Extended Service Release (ESR) that address vulnerabilities affecting these browser implementations. Mozilla states that the exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are advised to update their versions of Firefox and Firefox ESR to the latest available version with immediate effect.

Oracle has released security updates to address a vulnerability in Java. Oracle states that Java SE versions 6, 7, and 8 for Windows are vulnerable. The exploitation of this vulnerability may allow a remote attacker to take control of an affected system. It is important that users and administrators apply the necessary patches to their versions of Java with immediate effect.

The Microsoft Corporation has released a comprehensive security bulletin for the month of February 2016 detailing all known vulnerabilities and the updates that address them. This release covered a total of 13 updates, which addressed a total of 42 vulnerabilities that were found and patched as required. The software that this update addressed includes Internet Explorer, Microsoft Edge, Microsoft Windows PDF Library, Windows Journal, Microsoft Windows OS, Microsoft Office, WebDAV, and .NET Framework.

Google Inc. has released a security update for its popular Google Chrome web browser. This update addresses several vulnerabilities in the previous versions of Google Chrome for Windows, Mac, and Linux. Google states that the exploitation of some of these vulnerabilities may lead to a remote attacker taking control of an affected system. Users and administrators are advised to apply the necessary updates with immediate effect.

The Oracle Corporation has released its Critical Patch Update (a collection of patches for multiple security vulnerabilities) for January 2016. The Security Bulletin released by Oracle states that 248 vulnerabilities have been fixed throughout the range of software produced by the company. The software includes Oracle Database Server, Oracle GoldenGate, Oracle Fusion Middleware, Oracle Enterprise Manager, Oracle E-Business Suite, Oracle Supply Chain Suite, Oracle PeopleSoft Enterprise, Oracle JD Edwards, Oracle iLearning, Oracle Communications Applications, Oracle Java SE, Oracle Sun Systems Products Suite, Oracle Linux and Virtualization, and Oracle MySQL.

Google has released version 48 of its popular web browser Google Chrome. Google’s Stable Channel Update has stated that this update contains 37 security fixes over the previous version. It has been reported that some of the vulnerabilities that have been addressed would allow a remote attacker to take control of an affected system. Therefore, it is imperative that users and administrators run this update on their systems.

Vulnerabilities Addressed

Google has stated that a total of 37 vulnerabilities have been addressed in this update. Although Google does not make public the information on vulnerabilities that could be used to exploit them, it has listed the following as High Impact vulnerabilities:

  • CVE-2016-1612: Bad cast in V8
  • CVE-2016-1613: Use-after-free in PDFium

New Version Released

The new version of Google Chrome released is Chrome 48.0.2564.82.

Recommended Course of Action

It is highly recommended that users and administrators install the newest version of Chrome on their computers with immediate effect. It is also recommended that automatic upgrades be enabled across all computers with Google Chrome installed, so that those computers receive the latest version of Chrome as and when it becomes available.

More Information

Google Chrome’s Stable Channel Update detailing the release of Chrome version 48.0.2564.82 is available on page http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html . For more information on the security fixes, see the Chromium Security Page at http://sites.google.com/a/chromium.org/dev/Home/chromium-security .
A comprehensive list of changes (that have been made public) is available on the log, located on page https://chromium.googlesource.com/chromium/src/+log/47.0.2526.111..48.0.2564.82?pretty=fuller&n=10000

Cisco has released security updates to address multiple vulnerabilities in several of its products. These products include Modular Encoding Platform D9036 software, Unified Computing System (UCS) Manager software, and Firepower 9000 Series devices. Cisco states that the exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are therefore advised to apply the necessary updates as early as possible.

It has been brought to our attention that there is a vulnerability in the Linux Kernel that will affect Linux PCs as well as Android-based devices. It has been reported that the exploitation of this vulnerability may allow an attacker to take control of an affected system. Users and administrators are advised to apply the necessary updates for their version/flavor of Linux.

The Internet Systems Consortium (ISC) has released security updates to address two vulnerabilities in BIND, the web’s most widely used Domain Name System (DNS). Exploitation of this vulnerability may allow a remote attacker to cause a denial of service condition. This vulnerability can therefore be classed as one of Critical Impact, and should be addressed as early as possible.

Tech giant Apple has released a wave of security updates to address multiple vulnerabilities in several products. These products include OS X El Capitan, Safari Browser and iOS. Apple states that these security updates are critical since they address vulnerabilities that may allow a remote attacker to take control of a system. Users are encouraged to apply the necessary updates with immediate effect.
