Severity Rating: Critical
Revision Note: V1.1 (September 18, 2014): Corrected the severity table and vulnerability information to add CVE-2014-4112 as a vulnerability addressed by this update. This is an informational change only. Customers who have already successfully installed the update do not have to take any action.
Summary: This security update resolves one publicly disclosed vulnerability and seventeen privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Monthly Archives: September 2014
Nokia Asha 501 Lock Bypass
The Nokia Asha platform suffers from a lock code bypass vulnerability that allows for access to call records.
Internet's Security Bug Tracker Faces Its Y2K Moment
Apple Toughens iCloud Security After Celebrity Breach
Citadel Gets A Makeover As A Corporate Spy
eBay Redirect Attack Puts Buyers' Credentials At Risk
MODX Revolution 2.3.1-pl Cross Site Scripting
MODX Revolution version 2.3.1-pl suffers from a reflective cross site scripting vulnerability.
webEdition 6.3.8.0 Path Traversal
webEdition version 6.3.8.0 suffers from a path traversal vulnerability.
DAWIN – Distributed Audit & WIreless Intrusion Notification
DA-WIN, a wireless IDS, provides an organization a continuous wireless scanning capability that is light touch and simple. It utilizes compact and discreet sensors that can easily be deployed reducing the total cost of protection and simplifying the effort required for absolute, categoric regulatory compliance. This archive includes a dd image to be used on a Raspberry Pi and a user manual.
Apple Security Advisory 2014-2014-09-17-2
Apple Security Advisory 2014-09-17-2 – Apple TV 7 is now available and addresses wifi credential interception, information disclosure, code execution, and various other vulnerabilities.