Security News

SolarWinds has released security updates to address four vulnerabilities impacting the company's Orion IT monitoring platform, two of them allowing attackers to execute arbitrary code remotely. The highest severity security flaw patched by SolarWinds on Thursday is a critical JSON deserialization bug that remote attackers can exploit to execute arbitrary code through Orion Platform Action Manager's test alert actions.

Cisco this week announced the release of software updates that address several vulnerabilities in Jabber for desktop and mobile platforms, the most severe of which could be abused to execute arbitrary code with elevated privileges. The bugs impact Cisco Jabber for Windows, macOS, and mobile platforms, and are not dependable to one another.

Solarwinds has shipped a major security update to fix at least four documented security vulnerabilities, including a pair of bugs that be exploited for remote code execution attacks. The patches were pushed out Thursday as part of a minor security makeover of the Orion Platform, the same compromised Solarwinds product that was exploited in recent nation-state software supply chain attacks.

One of the vulnerabilities addressed by the latest update for Apache OFBiz is an unsafe Java deserialization issue that could be exploited to execute code remotely, without authentication. A Java-based web framework, Apache OFBiz is an open source enterprise resource planning system that includes a suite of applications to automate business processes within enterprise environments, and which can be used across any industry.

Adobe has released out-of-band security updates to address a critical vulnerability impacting ColdFusion versions 2021, 2016, and 2018. Today's emergency updates patch an arbitrary code execution security flaw caused by an Improper Input Validation software vulnerability.

Adobe has issued patches for a slew of critical security vulnerabilities, which, if exploited, could allow for arbitrary code execution on vulnerable Windows systems. Affected products include Adobe's Framemaker document processor, designed for writing and editing large or complex documents; Adobe's Connect software used for remote web conferencing; and the Adobe Creative Cloud software suite for video editing.

Adobe on Tuesday announced that it has patched critical code execution vulnerabilities in its Connect, Creative Cloud, and Framemaker products. In the Creative Cloud desktop application, Adobe fixed three flaws rated critical, including arbitrary file overwrite and OS command injection issues that can lead to code execution, and an improper input validation issue that can be exploited for privilege escalation.

Apple on Monday released patches for a vulnerability in WebKit that could allow attackers to execute code remotely on affected devices. To exploit the vulnerability, an attacker would simply need to craft a webpage containing malicious code, and then lure the victim into accessing that webpage, which would trigger the execution of code onto the victim's machine.

Apple is rolling out fixes for a high-severity vulnerability in its WebKit browser engine that, if exploited, could allow remote attackers to completely compromise affected systems. Apple on Monday urged affected device users to update as soon as possible: "Keeping your software up-to-date is one of the most important things you can do to maintain your Apple product's security," said the company on Monday.

VMware this week announced the availability of a security patch for VMware View Planner, to address a vulnerability leading to remote code execution. With the release of View Planner 4.6 Security Patch 1 on March 2, VMware fixes CVE-2021-21978, an issue that could allow an attacker to execute code remotely.