Advisories and Patches for June 2018





Published on : 05 July, 2018

Find below a consolidated list of various Advisories and Patches released during the month of June 2018

SNo. Advisory/Alert Description
01. macOS High Sierra 10.13.5
Security Update 2018-003 Sierra
Security Update 2018-003 El Capitan
Apple has released a security update for macOS High Sierra and supplemental updates for Sierra and El Capitan to address multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system.
02. cisco-sa-20180606-prime-rmi, cisco-sa20180606-aaa, cisco-sa-20180606-wsa, ciscosa-20180606-prime-sql, cisco-sa-20180606- prime-password-reset, cisco-sa-20180606- prime-password-recovery, cisco-sa-20180606- prime-bypass, cisco-sa-20180606-primeaccess, cisco-sa-20180606-nso, cisco-sa20180606-multiplatform-sip, cisco-sa20180606-diskdos, cisco-sa-20180606-cms-id, cisco-sa-20180606-asaftd Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
03. -- Zip Slip is a widespread critical archive extraction vulnerability, allowing attackers to write arbitrary files on the system, typically resulting in remote command execution.
04. APSB18-19 Adobe has released security updates to address vulnerabilities in Flash Player. A remote attacker could exploit these vulnerabilities to take control of an affected system.
05. Firefox 60.0.2
Firefox ESR 52.8.1/60.0.2
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit these vulnerabilities to take control of an affected system.
06. 67.0.3396.79 Google has released Chrome version 67.0.3396.79 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.
07. Microsoft June 2018 Security Update Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
08. VMSA-2018-0015 VMware has released a security update to address a vulnerability in VMware AirWatch Agent. A remote attacker could exploit this vulnerability to take control of an affected system.
09. AA-01616 The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to obtain sensitive information.
10. INTEL-SA-00145 Intel has released recommendations to address a vulnerability—dubbed Lazy FP state restore—affecting Intel Core-based microprocessors. An attacker could exploit this vulnerability to obtain access to sensitive information.
11. Xcode 9.4.1 Apple has released a security update to address vulnerabilities in Xcode. An attacker could exploit one of these vulnerabilities to take control of an affected system.
12. 67.0.3396.87 Google has released Chrome version 67.0.3396.87 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.
13. Malware Analysis Report (MAR) 10135536-12 The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified Trojan malware variants used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.
14. -- The Federal Trade Commission (FTC) has launched Operation Main Street, an effort with the Better Business Bureau (BBB) and law enforcement to educate small business owners on how to stop scams targeting their businesses.
15. cisco-sa-20180620-nxos-bo, cisco-sa20180620-fxnxos-fab-ace, cisco-sa-20180620- fxnxos-ace, cisco-sa-20180620-fx-os-fabricexecution, cisco-sa-20180620-fx-os-cliexecution, cisco-sa-20180620-nx-os-cliinjection, cisco-sa-20180620-nxossnmp, ciscosa-20180620-nxosrbac, cisco-sa-20180620- nxosigmp, cisco-sa-20180620-nxosbgp, ciscosa-20180620-nxosadmin, cisco-sa-20180620- nxos-nxapi, cisco-sa-20180620-nxos-cdp, cisco-sa-20180620-nx-os-fabric-dos, cisco-sa20180620-nx-os-fabric-services-dos, cisco-sa20180620-nx-os-cli-execution, cisco-sa20180620-nx-os-api-execution, cisco-sa20180620-n4k-snmp-dos, cisco-sa-20180620- n3k-n9k-clisnmp, cisco-sa-20180620-fxos-dos, cisco-sa-20180620-fxos-ace, cisco-sa20180620-fxnxos-dos, cisco-sa-20180620-fxos-fabric-dos, cisco-sa-20180620-firepwr-pt Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
16. -- United Kingdom’s National Cyber Security Centre (NCSC) guidance on Internet Edge Device Security and implement the following recommendations:
17. Firefox ESR 52.9, Firefox ESR 60.1, and Firefox 61 Mozilla has released security updates to address multiple vulnerabilities in Firefox ESR and Firefox. A remote attacker could exploit some of these vulnerabilities to cause a denial-ofservice condition.

References:


  1. https://www.spellsecurity.com/

Disclaimer: This list is a way to make readers aware on various advisories/patches on monthly basis. However, the list may not be exhaustive.