Weekly Vulnerabilities Review (September 5 – September 11)
Weekly Vulnerabilities Review (September 5 – September 11)

Let’s take a look at a brief overview of new cybersecurity solutions from last week. In the spotlight: Microsoft, Adobe, Mozilla, GitHub, Socomec, Cisco, Google, Apple.

Microsoft has unveiled patches for 59 vulnerabilities across its product range, with two zero-days being actively leveraged by cyber adversaries.

Adobe’s September 2023 Patch Tuesday rolls out a crucial fix for a glaring security gap in Acrobat and Reader, which, if exploited, could let attackers run malicious code on vulnerable systems.

On Tuesday, Mozilla launched corrective measures for a pressing zero-day weakness in Firefox and Thunderbird. This vulnerability, already being harnessed in real-world attacks, comes just a day after Google patched the same issue in Chrome.

Fresh research has spotlighted a vulnerability in GitHub that potentially placed thousands of repositories in the crosshairs of repojacking strikes. The glitch “creates an avenue for attackers to take advantage of a race condition during GitHub’s repo initiation and user renaming processes,” stated Checkmarx researcher Elad Rapoport in a report furnished to The Hacker News.

Certain uninterrupted power supply (UPS) units produced by Socomec, a French electrical gear maker with a focus on low-voltage energy efficacy, have vulnerabilities that could be weaponized to commandeer and interrupt devices. Socomec’s UPS devices are pivotal to various global business sectors.

This week, Cisco sounded the alarm over a zero-day vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software, a chink in the armor exploited in recent Akira ransomware onslaughts. Identified as CVE-2023-20269 with a moderate severity score of 5.0, the vulnerability resides in Cisco ASA and FTD’s remote access VPN and can be remotely abused sans authentication through brute force methods.

Google kicked off Monday with a swift security patch for Chrome 116, addressing its fourth zero-day for 2023. Recognized as CVE-2023-4863 and stamped with ‘critical severity’, it deals with a heap buffer overflow concern in the WebP segment.

On Thursday, Apple expedited a pivotal update for its premier iOS and macOS ecosystems to mend two security chinks being actively exploited. The rectifications, embedded in the newest iOS 16.6.1 and macOS Ventura 13.5.2 editions, tip a hat to the Citizen Lab from The University of Toronto’s Munk School, indicating use in commercial-grade surveillance spyware tools.