Security News

VMware Patches Remote Code Execution Vulnerability in View Planner
2021-03-03 15:23

VMware this week announced the availability of a security patch for VMware View Planner, to address a vulnerability leading to remote code execution. With the release of View Planner 4.6 Security Patch 1 on March 2, VMware fixes CVE-2021-21978, an issue that could allow an attacker to execute code remotely.

Google Patches Critical Remote Code Execution Vulnerability in Android
2021-03-02 16:00

Google this week announced the release of patches for 37 vulnerabilities as part of the Android security updates for March 2021, including a fix for a critical flaw in the System component. Tracked as CVE-2021-0397 and affecting Android 8.1, 9, 10, and 11 releases, the security issue could allow an attacker to execute code remotely on a vulnerable device.

Google Discloses Details of Remote Code Execution Vulnerability in Windows
2021-02-25 04:28

Google's cybersecurity research unit Project Zero on Wednesday disclosed the details of a recently patched Windows vulnerability that can be exploited for remote code execution. Dominik Röttsches of Google and Mateusz Jurczyk of Google Project Zero have been credited for reporting the issue to Microsoft.

VMware warns of critical remote code execution flaw in vSphere HTML5 client
2021-02-23 23:35

VMware has revealed a critical-rated bug in the HTML5 client for its flagship vSphere hybrid cloud suite. "The vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin," says VMware's notification.

IBM Squashes Critical Remote Code-Execution Flaw
2021-02-23 19:36

IBM has patched a critical buffer-overflow error that affects Big Blue's Integration Designer toolset, which helps enterprises create business processes that integrate applications and data. "By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash," according to IBM's Monday security advisory.

Critical Firefox Vulnerability Can Allow Code Execution If Chained With Other Bugs
2021-02-09 14:09

An update released last week by Mozilla for Firefox 85 patches a critical information disclosure vulnerability that can be chained with other security flaws to achieve arbitrary code execution. In its advisory for the vulnerability - the bug currently does not have a CVE identifier - Mozilla described it as a "Buffer overflow in depth pitch calculations for compressed textures." The issue, reported by researchers Abraruddin Khan and Omair through Trend Micro's Zero Day Initiative, apparently only impacts Firefox running on Windows - other operating systems are not affected.

Cisco fixes critical code execution bugs in SMB VPN routers
2021-02-03 17:24

Cisco has addressed multiple pre-auth remote code execution vulnerabilities affecting several small business VPN routers and allowing attackers to execute arbitrary code as root on successfully exploited devices. The security bugs with a severity rating of 9.8/10 were found in the web-based management interface of Cisco small business routers.

SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover
2021-02-03 11:00

The most severe of these could allow trivial remote code execution with high privileges. The most critical bug does not require local access and allows complete control over SolarWinds Orion remotely without having any credentials at all.

Industrial Gear at Risk from Fuji Code-Execution Bugs
2021-01-29 18:01

Industrial control software from Fuji Electric is vulnerable to several high-severity arbitrary code-execution security bugs, according to a federal warning. The two make up a comprehensive human-machine interface system, used to remotely monitor and collect production data in real time, and control a variety of industrial and critical-infrastructure gear.

VLC Media Player 3.0.12 fixes multiple remote code execution flaws
2021-01-20 14:47

VideoLAN released VLC Media Player 3.0.12 for Windows, Mac, and Linux last week with numerous improvements, features, and security fixes. This release is a significant upgrade for Mac users as it provides native support for Apple Silicon and fixes audio distortion in macOS. In addition to bug fixes and improvements, this release also fixes numerous security vulnerabilities reported by Zhen Zhou of the NSFOCUS Security Team.