Security News

Vulnerabilities discovered in some older Schneider Electric PowerLogic products can allow hackers to remotely take control of devices or disrupt them. Schneider informed customers earlier this month that its PowerLogic EGX100 and EGX300 communication gateways are affected by six types of vulnerabilities that could be exploited to access devices, launch denial-of-service attacks, and for remote code execution.

Apple has released a security update for older iDevices to fix three vulnerabilities, two of which are zero-days that are apparently actively exploited in attacks in the wild. The security update is iOS 12.5.4, which can still be run on older iDevices: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch.

56% of all Microsoft critical vulnerabilities could have been mitigated by removing admin rights, according to the 2021 BeyondTrust Microsoft Vulnerabilities Report. The total number of vulnerabilities in Microsoft products reached an all-time high of 1,268 in 2020, a 48% increase year over year, according to a new report.

Cisco's Talos team said 35% of incidents led back to Microsoft Exchange Server vulnerabilities reported early in 2021, but new ransomware families have been appearing to fill the Emotet hole, too. Cisco's Talos Intelligence Group has released its incident response trends report for spring 2021, and found that Microsoft Exchange Server vulnerabilities reported in early 2021 were the most detected incident over the past three months.

Intel this week announced the availability of patches for 73 vulnerabilities identified across multiple products, including several high-severity flaws that can be exploited to escalate privileges. The most severe of the newly addressed flaws is a high-severity incomplete cleanup issue in Intel VT-d products that could allow an authenticated user to enable escalation of privilege via local access.

Industrial automation giants Siemens and Schneider Electric on Tuesday released several security advisories to inform customers about tens of vulnerabilities affecting their products. The eight new advisories released by Siemens on this Patch Tuesday cover roughly two dozen vulnerabilities affecting its Simcenter Femap, SIMATIC TIM, Solid Edge, SIMATIC NET, Mendix, JT2Go, Teamcenter Visualization, and SIMATIC RF products.

German software maker SAP this week released 17 new security notes documenting security vulnerabilities being fixed as part of the company's June 2021 SAP Security Patch Day. SAP NetWeaver received the largest number of patches with a total of 10 security notes documenting and resolving vulnerabilities.

Intel has addressed 73 security vulnerabilities as part of the June 2021 Patch Tuesday, including high severity ones impacting some versions of Intel's Security Library and the BIOS firmware for Intel processors. Intel detailed the security flaws in the 29 security advisories published today on its Product Security Center.

Adobe has released a giant Patch Tuesday security update release that fixes vulnerabilities in ten applications, including Adobe Acrobat, Reader, and Photoshop. Out of all the Adobe security updates released today, Adobe After Effects had the most fixes, with 16 vulnerabilities.

Google this week announced the availability of the latest monthly security patches for the Android operating system, which address more than 50 vulnerabilities, including several rated critical severity. The bug affects Android 8.1, 9, 10, and 11 iterations, the same as another critical flaw in the System component - CVE-2021-0516 - which could lead to elevation of privileges.