BadAlloc Vulnerability Affecting Devices Incorporating Older BlackBerry QNX Products

/in ,

Original release date: August 17, 2021

CISA released an Alert today on devices incorporating older versions of multiple BlackBerry QNX products affected by a BadAlloc vulnerability. A malicious actor could exploit this vulnerability to take control of an affected system or cause a denial-of-service condition. 

Because devices incorporating older versions of BlackBerry QNX products support critical infrastructure and national critical functions, CISA is strongly urging all organizations whose devices use affected QNX-based systems to immediately apply the mitigations provided in CISA Alert AA21-229A and Blackberry Advisory QNX-2021-001.

This product is provided subject to this Notification and this Privacy & Use policy.

Apple Releases Security Update

/in ,

Original release date: August 17, 2021

Apple has released a security update to address vulnerabilities in iCloud for Windows 12.5. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Apple security update and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Drupal Releases Security Updates

/in ,

Original release date: August 12, 2021 | Last revised: August 13, 2021

Drupal has released security updates to address vulnerabilities that could affect versions 8.9, 9.1, and 9.2. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Drupal Security Advisory SA-CORE-2021-005 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Mozilla Releases Security Updates for Thunderbird

/in ,

Original release date: August 12, 2021

Mozilla has released security updates to address vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 91 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Citrix Releases Security Update for ShareFile Storage Zones Controller

/in ,

Original release date: August 10, 2021

Citrix has released a security update to address a vulnerability affecting Citrix ShareFile storage zones controller. An attacker can exploit this vulnerability to obtain access to sensitive information.

CISA recommends users and administrators review Citrix Security Bulletin CTX322787 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

SAP Releases August 2021 Security Updates

/in ,

Original release date: August 10, 2021

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review SAP Security Notes for August 2021 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Intel Releases Multiple Security Updates

/in ,

Original release date: August 10, 2021

Intel has released security updates to address vulnerabilities multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Intel advisories and apply the necessary updates: 

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft Releases August 2021 Security Updates

/in ,

Original release date: August 10, 2021

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s August 2021 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Adobe Releases Security Updates for Multiple Products 

/in ,

Original release date: August 10, 2021

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

Mozilla Releases Security Updates for Firefox

/in ,

Original release date: August 10, 2021

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Mozilla Security Advisory for Firefox 91 and Firefox ESR 78.13 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.