2022年5月31日星期二

Microsoft 產品 遠端執行程式碼漏洞

發佈日期: 2022年05月31日

風險: 極高度風險

類型: 操作系統 - 視窗操作系統

類型: 視窗操作系統

於 Microsoft Edge 發現一個漏洞。遠端使用者可利用此漏洞,於目標系統觸發遠端執行任意程式碼。

 

注意
CVE-2022-30190 漏洞正被廣泛利用。惡意程式碼會於應用程式如 Word 檔執行,並利用 MSDT (微軟檢測工具) 的 URL 協議從而觸發遠端執行任意程式碼。攻擊者利用此漏洞進行系統權限的遠端執行任意程式碼包括安裝程式、查閱、更改、刪除數據或創建新帳戶。

影響

  • 遠端執行程式碼

受影響之系統或技術

  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows RT 8.1
  • Windows 8.1 for x64-based systems
  • Windows 8.1 for 32-bit systems
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2016
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 for 32-bit Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 11 for ARM64-based Systems
  • Windows 11 for x64-based Systems
  • Windows Server, version 20H2 (Server Core Installation)
  • Windows 10 Version 20H2 for ARM64-based Systems
  • Windows 10 Version 20H2 for 32-bit Systems
  • Windows 10 Version 20H2 for x64-based Systems
  • Windows Server 2022 Azure Edition Core Hotpatch
  • Windows Server 2022 (Server Core installation)
  • Windows Server 2022
  • Windows 10 Version 21H1 for 32-bit Systems
  • Windows 10 Version 21H1 for ARM64-based Systems
  • Windows 10 Version 21H1 for x64-based Systems
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2019
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows Server 2019
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems

解決方案

在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。

安裝軟件供應商提供的修補程式:

漏洞識別碼

資料來源

相關連結

沒有留言:

Microsoft Products Remote Code Execution Vulnerability

Release Date: 31 May 2022

RISK: Extremely High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

A vulnerability was identified in Microsoft Products. A remote user can exploit this vulnerability to trigger remote code execution on the targeted system.

 

Note:
CVE-2022-30190 is being exploited in the wild. A remote code execution vulnerability exists when MSDT (Microsoft Diagnostic Tool) is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.

Impact

  • Remote Code Execution

System / Technologies affected

  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows RT 8.1
  • Windows 8.1 for x64-based systems
  • Windows 8.1 for 32-bit systems
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2016
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 for 32-bit Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 11 for ARM64-based Systems
  • Windows 11 for x64-based Systems
  • Windows Server, version 20H2 (Server Core Installation)
  • Windows 10 Version 20H2 for ARM64-based Systems
  • Windows 10 Version 20H2 for 32-bit Systems
  • Windows 10 Version 20H2 for x64-based Systems
  • Windows Server 2022 Azure Edition Core Hotpatch
  • Windows Server 2022 (Server Core installation)
  • Windows Server 2022
  • Windows 10 Version 21H1 for 32-bit Systems
  • Windows 10 Version 21H1 for ARM64-based Systems
  • Windows 10 Version 21H1 for x64-based Systems
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2019
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows Server 2019
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

Vulnerability Identifier

Source

Related Link

沒有留言:

2022年5月27日星期五

SUSE Linux 內核多個漏洞

發佈日期: 2022年05月27日

風險: 中度風險

類型: 操作系統 - LINUX

類型: LINUX

於 SUSE Linux 內核發現多個漏洞。攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、洩露敏感資料及繞過保安限制。

影響

  • 阻斷服務
  • 繞過保安限制
  • 遠端執行程式碼
  • 資料洩露

受影響之系統或技術

  • openSUSE Leap 15.3
  • SUSE Linux Enterprise Desktop 15-SP3
  • SUSE Linux Enterprise High Performance Computing 15-ESPOS
  • SUSE Linux Enterprise High Performance Computing 15-LTSS
  • SUSE Linux Enterprise High Performance Computing 15-SP2
  • SUSE Linux Enterprise High Performance Computing 15-SP3
  • SUSE Linux Enterprise Micro 5.1
  • SUSE Linux Enterprise Micro 5.2
  • SUSE Linux Enterprise Module for Basesystem 15-SP3
  • SUSE Linux Enterprise Module for Live Patching 15-SP2
  • SUSE Linux Enterprise Module for Live Patching 15-SP3
  • SUSE Linux Enterprise Server 12-SP4-LTSS
  • SUSE Linux Enterprise Server 12-SP5
  • SUSE Linux Enterprise Server 15-LTSS
  • SUSE Linux Enterprise Server 15-SP2
  • SUSE Linux Enterprise Server 15-SP3
  • SUSE Linux Enterprise Server for SAP 12-SP4
  • SUSE Linux Enterprise Server for SAP 15
  • SUSE Linux Enterprise Server for SAP Applications 15-SP2
  • SUSE Linux Enterprise Server for SAP Applications 15-SP3
  • SUSE Manager Proxy 4.2
  • SUSE Manager Server 4.2
  • SUSE OpenStack Cloud 9
  • SUSE OpenStack Cloud Crowbar 9

解決方案

在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。

 

安裝供應商提供的修補程式:

漏洞識別碼

資料來源

相關連結

沒有留言:

SUSE Linux Kernel Multiple Vulnerabilities

Release Date: 27 May 2022

RISK: Medium Risk

TYPE: Operating Systems - Linux

TYPE: Linux

Multiple vulnerabilities were identified in SUSE Linux Kernel. An attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.

Impact

  • Denial of Service
  • Security Restriction Bypass
  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • openSUSE Leap 15.3
  • SUSE Linux Enterprise Desktop 15-SP3
  • SUSE Linux Enterprise High Performance Computing 15-ESPOS
  • SUSE Linux Enterprise High Performance Computing 15-LTSS
  • SUSE Linux Enterprise High Performance Computing 15-SP2
  • SUSE Linux Enterprise High Performance Computing 15-SP3
  • SUSE Linux Enterprise Micro 5.1
  • SUSE Linux Enterprise Micro 5.2
  • SUSE Linux Enterprise Module for Basesystem 15-SP3
  • SUSE Linux Enterprise Module for Live Patching 15-SP2
  • SUSE Linux Enterprise Module for Live Patching 15-SP3
  • SUSE Linux Enterprise Server 12-SP4-LTSS
  • SUSE Linux Enterprise Server 12-SP5
  • SUSE Linux Enterprise Server 15-LTSS
  • SUSE Linux Enterprise Server 15-SP2
  • SUSE Linux Enterprise Server 15-SP3
  • SUSE Linux Enterprise Server for SAP 12-SP4
  • SUSE Linux Enterprise Server for SAP 15
  • SUSE Linux Enterprise Server for SAP Applications 15-SP2
  • SUSE Linux Enterprise Server for SAP Applications 15-SP3
  • SUSE Manager Proxy 4.2
  • SUSE Manager Server 4.2
  • SUSE OpenStack Cloud 9
  • SUSE OpenStack Cloud Crowbar 9

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

Vulnerability Identifier

Source

Related Link

沒有留言:

2022年5月26日星期四

Citrix 產品阻斷服務漏洞

發佈日期: 2022年05月26日

風險: 中度風險

類型: 伺服器 - 其他伺服器

類型: 其他伺服器

於 Citrix 產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況。

影響

  • 阻斷服務

受影響之系統或技術

  • Citrix ADC 及 Citrix Gateway 13.1 (13.1-21.50之前的版本)
  • Citrix ADC 及 Citrix Gateway 13.0 (13.0-85.19之前的版本)
  • Citrix ADC 及 Citrix Gateway 12.1 (12.1-64.17之前的版本)
  • Citrix ADC 12.1-FIPS 12.1-55.278 之前的版本
  • Citrix ADC 12.1-NDcPP 12.1-55.278 之前的版本

解決方案

在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。

 

安裝供應商提供的修補程式:

漏洞識別碼

資料來源

相關連結

沒有留言:

Citrix Products Denial of Service Vulnerabilities

Release Date: 26 May 2022

RISK: Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

Multiple vulnerabilities were identified in Citrix Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition on the targeted system.

Impact

  • Denial of Service

System / Technologies affected

  • Citrix ADC and Citrix Gateway 13.1 before 13.1-21.50
  • Citrix ADC and Citrix Gateway 13.0 before 13.0-85.19
  • Citrix ADC and Citrix Gateway 12.1 before 12.1-64.17
  • Citrix ADC 12.1-FIPS before 12.1-55.278
  • Citrix ADC 12.1-NDcPP before 12.1-55.278

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

Vulnerability Identifier

Source

Related Link

沒有留言:

Drupal 資料洩露漏洞

發佈日期: 2022年05月26日

風險: 中度風險

類型: 伺服器 - 其他伺服器

類型: 其他伺服器

於 Drupal Core 發現一個漏洞。遠端使用者可利用此漏洞,於目標系統觸發洩露敏感資料。

影響

  • 資料洩露

受影響之系統或技術

  • Drupal 9.3.14 之前版本
  • Drupal 9.2.20 之前版本

解決方案

在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
 

安裝供應商提供的修補程式:

  • 對於 Drupal 9.3,更新到 Drupal 9.3.14
  • 對於 Drupal 9.2,更新到 Drupal 9.2.20

 

Drupal 9 之前的 9.2.x 版本生命週期已結束,供應商已停止為這些產品提供修補程式。

請注意,Drupal 8 版本生命週期已結束。

Drupal 7 不受影響。

漏洞識別碼

資料來源

相關連結

沒有留言:

Drupal Information Disclosure Vulnerability

Release Date: 26 May 2022

RISK: Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A vulnerability has been identified in Drupal Core. A remote user can exploit this vulnerability to trigger sensitive information disclosure on the targeted system.

Impact

  • Information Disclosure

System / Technologies affected

  • Drupal version prior to 9.3.14
  • Drupal version prior to 9.2.20

Solutions

Before installation of the software, please visit the vendor web-site for more details.
 

Apply fixes issued by the vendor:

  • for Drupal 9.3, update to Drupal 9.3.14
  • for Drupal 9.2, update to Drupal 9.2.20

 

All versions of Drupal 9 prior to 9.2.x are end-of-life and do not receive security coverage.
Note that Drupal 8 has reached its end of life.

Drupal 7 is not affected.

Vulnerability Identifier

Source

Related Link

沒有留言:

Zoom Client for Meetings 遠端執行任意程式碼漏洞

發佈日期: 2022年05月26日

風險: 中度風險

類型: 用戶端 - 辦公室應用

類型: 辦公室應用

於 Zoom Client for Meetings發現一個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行任意程式碼。

影響

  • 遠端執行程式碼

受影響之系統或技術

  • The Zoom Client for Meetings (於 Android, iOS, Linux, macOS, and Windows) 5.10.0 之前版本

解決方案

更新至 Zoom Client for Meetings 5.10.0

漏洞識別碼

資料來源

相關連結

沒有留言:

Zoom Client for Meetings Remote Code Execution Vulnerability

Release Date: 26 May 2022

RISK: Medium Risk

TYPE: Clients - Productivity Products

TYPE: Productivity Products

A vulnerability has been identified in Zoom Client for Meetings. A remote attacker can exploit this vulnerability to trigger remote code execution on the targeted system.

Impact

  • Remote Code Execution

System / Technologies affected

  • The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0

Solutions

Update to Zoom Client for Meetings 5.10.0

Vulnerability Identifier

Source

Related Link

沒有留言:

2022年5月25日星期三

Google Chrome 多個漏洞

發佈日期: 2022年05月25日

風險: 中度風險

類型: 用戶端 - 瀏覽器

類型: 瀏覽器

於 Google Chrome 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行任意程式碼、資料洩露及阻斷服務狀況。

影響

  • 遠端執行程式碼
  • 資料洩露
  • 阻斷服務

受影響之系統或技術

  • Google Chrome for Windows 102.0.5005.61 之前的版本
  • Google Chrome for Mac 102.0.5005.61 之前的版本
  • Google Chrome for Linux 102.0.5005.61 之前的版本

解決方案

在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。

安裝軟件供應商提供的修補程式:

  • 更新至 Google Chrome for Windows 102.0.5005.61/62/63 版本
  • 更新至 Google Chrome for Mac 102.0.5005.61 版本
  • 更新至 Google Chrome for Linux 102.0.5005.61 版本

漏洞識別碼

資料來源

相關連結

沒有留言:

Google Chrome Multiple Vulnerabilities

Release Date: 25 May 2022

RISK: Medium Risk

TYPE: Clients - Browsers

TYPE: Browsers

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, information disclosure and denial of service condition on the targeted system.

Impact

  • Remote Code Execution
  • Information Disclosure
  • Denial of Service

System / Technologies affected

  • Google Chrome for Windows version prior to 102.0.5005.61
  • Google Chrome for Mac version prior to 102.0.5005.61
  • Google Chrome for Linux version prior to 102.0.5005.61

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

  • Update to Google Chrome for Windows to 102.0.5005.61/62/63
  • Update to Google Chrome for Mac to 102.0.5005.61
  • Update to Google Chrome for Linux to 102.0.5005.61

Vulnerability Identifier

Source

Related Link

沒有留言:

2022年5月23日星期一

Mozilla 產品多個漏洞

發佈日期: 2022年05月23日

風險: 中度風險

類型: 用戶端 - 瀏覽器

類型: 瀏覽器

於 Mozilla 產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行任意程式碼及繞過保安限制。

 

影響

  • 遠端執行程式碼
  • 繞過保安限制

受影響之系統或技術

以下版本之前的版本﹕

 

  • Firefox 100.0.2
  • Firefox for Android 100.3.0
  • Firefox ESR 91.9.1
  • Thunderbird 91.9.1

解決方案

在安裝軟體之前,請先瀏覽供應商之官方網站,以獲得更多詳細資料。

更新至版本:

 

  • Firefox 100.0.2
  • Firefox for Android 100.3.0
  • Firefox ESR 91.9.1
  • Thunderbird 91.9.1

漏洞識別碼

資料來源

相關連結

沒有留言:

Mozilla Products Multiple Vulnerabilities

Release Date: 23 May 2022

RISK: Medium Risk

TYPE: Clients - Browsers

TYPE: Browsers

Multiple vulnerabilities were identified in Mozilla products. A remote attacker could exploit some of these vulnerabilities to remote code execution and security restriction bypass on the targeted system.

Impact

  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

Versions prior to:

 

  • Firefox 100.0.2
  • Firefox for Android 100.3.0
  • Firefox ESR 91.9.1
  • Thunderbird 91.9.1

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

  • Firefox 100.0.2
  • Firefox for Android 100.3.0
  • Firefox ESR 91.9.1
  • Thunderbird 91.9.1

Vulnerability Identifier

Source

Related Link

沒有留言:

思科 IOS XR 繞過保安限制漏洞

發佈日期: 2022年05月23日

風險: 高度風險

類型: 操作系統 - Network

類型: Network

於 思科 IOS XR 發現一個漏洞。攻擊者可利用這漏洞,於目標系統觸發繞過保安限制。

 

注意
CVE-2022-20821 漏洞正被廣泛利用。

該漏洞與 思科 IOS XR RPM健康檢查預設開啟 TCP 6379 端口有關。該漏洞允許未經授權存取在 NOSi 容器中運行的 Redis 服務。

影響

  • 繞過保安限制

受影響之系統或技術

  • 思科 IOS XR 7.3.3 版本

解決方案

在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。

 

漏洞識別碼

資料來源

相關連結

沒有留言:

Cisco IOS XR Security Restriction Bypass Vulnerability

Release Date: 23 May 2022

RISK: High Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

A vulnerability was identified in Cisco IOS XR. An attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system.

 

Note:
CVE-2022-20821 is being exploited in the wild.

The vulnerability is related to the Cisco IOS XR health check RPM opens TCP port 6379 by default. The vulnerability can exploit the opening port that allows unauthorized access to the Redis instance running within the NOSi container.

Impact

  • Security Restriction Bypass

System / Technologies affected

  • Cisco IOS XR Version 7.3.3

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Vulnerability Identifier

Source

Related Link

沒有留言:

F5 產品阻斷服務漏洞

發佈日期: 2022年05月23日

風險: 中度風險

類型: 操作系統 - Network

類型: Network

於 F5 產品中發現多個漏洞。遠端攻擊者可利用這個漏洞,於目標系統觸發阻斷服務狀況。

影響

  • 阻斷服務

受影響之系統或技術

BIG-IP APM Clients

  • 17.0.0
  • 16.1.0 - 16.1.2
  • 15.1.0 - 15.1.5
  • 14.1.0 - 14.1.4
  • 13.1.0 - 13.1.5

BIG-IP (all modules)

  • 17.0.0
  • 16.1.0 - 16.1.2
  • 15.1.0 - 15.1.5
  • 14.1.0 - 14.1.4
  • 13.1.0 - 13.1.5

BIG-IQ Centralized Management

  • 8.0.0 - 8.2.0
  • 7.0.0 - 7.1.0

BF5OS-A

  • 1.0.0 - 1.0.1

BF5OS-C

  • 1.3.0 - 1.3.2
  • 1.2.0 - 1.2.2
  • 1.1.0 - 1.1.4

Traffix SDC

  • 5.2.0
  • 5.1.0

解決方案

在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。

 

安裝供應商提供的修補程式:

https://support.f5.com/csp/article/K21548854

https://support.f5.com/csp/article/K83120834

https://support.f5.com/csp/article/K08832573

漏洞識別碼

資料來源

相關連結

沒有留言:

F5 Products Denial of Service Vulnerability

Release Date: 23 May 2022

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

Multiple vulnerabilities were identified in F5 Products. A remote attacker could exploit this vulnerability to trigger denial of service condition.

Impact

  • Denial of Service

System / Technologies affected

BIG-IP APM Clients

  • 17.0.0
  • 16.1.0 - 16.1.2
  • 15.1.0 - 15.1.5
  • 14.1.0 - 14.1.4
  • 13.1.0 - 13.1.5

BIG-IP (all modules)

  • 17.0.0
  • 16.1.0 - 16.1.2
  • 15.1.0 - 15.1.5
  • 14.1.0 - 14.1.4
  • 13.1.0 - 13.1.5

BIG-IQ Centralized Management

  • 8.0.0 - 8.2.0
  • 7.0.0 - 7.1.0

BF5OS-A

  • 1.0.0 - 1.0.1

BF5OS-C

  • 1.3.0 - 1.3.2
  • 1.2.0 - 1.2.2
  • 1.1.0 - 1.1.4

Traffix SDC

  • 5.2.0
  • 5.1.0

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

https://support.f5.com/csp/article/K21548854

https://support.f5.com/csp/article/K83120834

https://support.f5.com/csp/article/K08832573

Vulnerability Identifier

Source

Related Link

沒有留言:

2022年5月20日星期五

蘋果產品多個漏洞

最後更新 2022年05月20日 發佈日期: 2022年05月17日

風險: 極高度風險

類型: 操作系統 - 流動裝置及操作系統

類型: 流動裝置及操作系統

於 Apple Products 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發資料洩露、遠端執行程式碼、繞過保安限制、權限提升、阻斷服務狀況及篡改。

 

注意
CVE-2022-22675 漏洞正被廣泛利用。

該漏洞與 AppleAVD (音訊及視訊解碼的內核擴充) 有關。該漏洞允許惡意應用程式於目標系統上以內核權限運行任意代碼。

 

[更新於 2022-05-20]

新增 iTunes for Windows 於受影響之系統或技術及解決方案。

影響

  • 資料洩露
  • 遠端執行程式碼
  • 權限提升
  • 繞過保安限制
  • 篡改
  • 阻斷服務

受影響之系統或技術

  • Safari 15.5 以前的版本
  • tvOS 15.5 以前的版本
  • Xcode 13.4 以前的版本
  • macOS Catalina 安全更新 2202-004 以前的版本
  • macOS Big Sur 11.6.6 以前的版本
  • macOS Monterey 12.4 以前的版本
  • iOS 15.5 以前的版本
  • iPadOS 15.5 以前的版本
  • watchOS 8.6 以前的版本
  • iTunes for Windows 12.12.4 以前的版本

解決方案

在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。

安裝供應商提供的修補程式:

  • Safari 15.5
  • tvOS 15.5
  • Xcode 13.4
  • macOS Catalina 安全更新 2202-004
  • macOS Big Sur 11.6.6
  • macOS Monterey 12.4
  • iOS 15.5
  • iPadOS 15.5
  • watchOS 8.6
  • iTunes for Windows 12.12.4

漏洞識別碼

資料來源

相關連結

沒有留言:

Apple Products Multiple Vulnerabilities

Last Update Date: 20 May 2022 Release Date: 17 May 2022

RISK: Extremely High Risk

TYPE: Operating Systems - Mobile & Apps

TYPE: Mobile & Apps

Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger information disclosure, remote code execution, security restriction bypass, elevation of privilege, denial of service and data manipulation on the targeted system.

 

Note:
CVE-2022-22675 is being exploited in the wild.

The vulnerability is related to the AppleAVD (a kernel extension for audio and video decoding). The vulnerability can exploit the AppleAVD that allows malicious apps to run arbitrary code with kernel privileges on the targeted system.

 

[Updated on 2022-05-20]

Added iTunes for Windows to the "System / Technologies affected" and "Solution" sections

Impact

  • Information Disclosure
  • Remote Code Execution
  • Elevation of Privilege
  • Security Restriction Bypass
  • Data Manipulation
  • Denial of Service

System / Technologies affected

  • Versions prior to Safari 15.5
  • Versions prior to tvOS 15.5
  • Versions prior to Xcode 13.4
  • Versions prior to macOS Catalina Security Update 2022-004
  • Versions prior to macOS Big Sur 11.6.6
  • Versions prior to macOS Monterey 12.4
  • Versions prior to iOS 15.5
  • Versions prior to iPadOS 15.5
  • Versions prior to watchOS 8.6
  • Versions prior to iTunes for Windows 12.12.4

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:
  • Safari 15.5
  • tvOS 15.5
  • Xcode 13.4
  • macOS Catalina Security Update 2022-004
  • macOS Big Sur 11.6.6
  • macOS Monterey 12.4
  • iOS 15.5
  • iPadOS 15.5
  • watchOS 8.6
  • iTunes for Windows 12.12.4

Vulnerability Identifier

Source

Related Link

沒有留言:
訂閱: 文章 (Atom)

惡意軟件警報 - 零售商成為 Scattered Spider 黑客組織勒索軟件攻擊的目標

惡意軟件警報 - 零售商成為 Scattered Spider 黑客組織勒索軟件攻擊的目標 發佈日期: 2025年05月02日 類別: ...

  • Ubuntu Linux 核心多個漏洞
    Ubuntu Linux 核心多個漏洞 發佈日期: 2025年03月03日 風險: 中度風險 類型: 操作系統 - LINUX 於 Ubuntu...
  • Debian Linux 內核多個漏洞
    Debian Linux 內核多個漏洞 發佈日期: 2025年04月14日 風險: 中度風險 類型: 操作系統 - LINUX 於 Debian...