Monthly Archives: March 2017

Avast

‘Can you hear me?’ robocalls put consumers on alert [infographic]

Leave a comment

I fell for it the first time I answered a call. A friendly female voice hesitated, then giggled the line, “Can you hear me?” After I answered, “Yes”, it took me a few seconds to realize I had been fooled. It wasn’t a silly girl with a bad connection calling me on behalf of Disney Vacations – I had just been targeted by a robocaller. By then it was too late.

NVD

CVE-2017-4980

Leave a comment

EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 – 7.1.1.10, 7.2.0 – 7.2.1.3, and 8.0.0 – 8.0.0.1.

NVD

CVE-2017-4977

Leave a comment

EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system.

NVD

CVE-2017-7310

Leave a comment

A buffer overflow vulnerability in Import Command in Sync Breeze Enterprise Client 9.5.16, Disk Sorter Enterprise Client 9.5.12, and DiskBoss Enterprise Client 7.8.16 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.

Full Disclosure

APPLE-SA-2017-03-28-1 iCloud for Windows 6.2

Leave a comment

Posted by Apple Product Security on Mar 29

APPLE-SA-2017-03-28-1 iCloud for Windows 6.2

iCloud for Windows 6.2 is now available and addresses the following:

APNs Server
Available for: Windows 7 and later
Impact: An attacker in a privileged network position can track a
user’s activity
Description: A client certificate was sent in plaintext. This issue
was addressed through improved certificate handling.
CVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical
University…

Full Disclosure

APPLE-SA-2017-03-28-2 Additional information for APPLE-SA-2017-03-22-1 iTunes for Windows 12.6

Leave a comment

Posted by Apple Product Security on Mar 29

APPLE-SA-2017-03-28-2 Additional information for
APPLE-SA-2017-03-22-1 iTunes for Windows 12.6

iTunes for Windows 12.6 addresses the following:

APNs Server
Available for: Windows 7 and later
Impact: An attacker in a privileged network position can track a
user’s activity
Description: A client certificate was sent in plaintext. This issue
was addressed through improved certificate handling.
CVE-2017-2383: Matthias Wachs and Quirin Scheitle…