A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026.
Monthly Archives: October 2016
CVE-2016-6358 (email_security_appliance)
A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. More Information: CSCux68539. Known Affected Releases: 9.1.0-032 9.7.1-000. Known Fixed Releases: 9.1.1-038.
CVE-2016-6360 (email_security_appliance, web_security_appliance)
A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting. Affected Products: Cisco AsyncOS Software for Email Security Appliances (ESA) versions 9.5 and later up to the first fixed release, Cisco AsyncOS Software for Web Security Appliances (WSA) all versions prior to the first fixed release. More Information: CSCux56406, CSCux59928. Known Affected Releases: 9.6.0-051 9.7.0-125 8.8.0-085 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.7.1-066 WSA10.0.0-233.
CVE-2016-6372 (email_security_appliance, web_security_appliance, web_security_appliance_8.0.5)
A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA on both virtual and hardware appliances that are configured with message or content filters to scan incoming email attachments. More Information: CSCuy54740, CSCuy75174. Known Affected Releases: 9.7.1-066 9.5.0-575 WSA10.0.0-000. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047.
CVE-2016-6397 (ip_interoperability_and_collaboration_system)
A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. Affected Products: This vulnerability affects Cisco IPICS releases 4.8(1) to 4.10(1). More Information: CSCva46644. Known Affected Releases: 4.10(1) 4.8(1) 4.8(2) 4.9(1) 4.9(2).
Nude celebrity photo hacker sentenced to 18 months in prison
At least 50 celebrity Apple iCloud accounts and 72 Gmail inboxes were broken into by 36-year old Ryan Collins, whose victims included Jennifer Lawrence, Kirsten Dunst, Avril Lavigne, Kate Hudson, and Rihanna.
The post Nude celebrity photo hacker sentenced to 18 months in prison appeared first on WeLiveSecurity.
Avira’s Bug Bounty – a quick look
As a vendor for IT security solutions we feel like we owe it to our customers to make sure our products are stable and secure.
The post Avira’s Bug Bounty – a quick look appeared first on Avira Blog.
APPLE-SA-2016-10-27-1 Xcode 8.1
From: Apple Product Security
Reply to list
APPLE-SA-2016-10-27-1 Xcode 8.1 Xcode 8.1 is now available and addresses the following: IDE Xcode Server Available for: OS X El Capitan v10.11.5 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution [...]
APPLE-SA-2016-10-27-2 iCloud for Windows v6.0.1
From: Apple Product Security
Reply to list
APPLE-SA-2016-10-27-2 iCloud for Windows v6.0.1 iCloud for Windows v6.0.1 is now available and addresses the following: WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may result in the disclosure of user information [...]
APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows
From: Apple Product Security
Reply to list
APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows iTunes 12.5.2 for Windows is now available and addresses the following: WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may result in the disclosure of user information [...]