Posted by Russell Sanford on Jan 30
Critical Start security expert Russell Sanford discovered and reported two critical zero-day vulnerabilities in the
Sophos Web Appliance in December of 2016. The vulnerabilities, documented under CVE-2016-9553, allow the remote
compromise of the appliance’s underlying Linux subsystem. The vulnerabilities have now been patched in the January
2017 4.3.1 release of the appliance line.
Here is a summary of the two vulnerabilities documented…