Drualgeddon3: Today in the late afternoon all of Poland updates Drupal

It's amazing, but for some time, Drupal's developers have been warning their clients for a few days before the security update was released, so that they could be better prepared for the "important" amendments. In a short time, for the second time, the security patch for Drupal in versions 7.x , 8.4.x , and 8.5.x will be 8.5.x , probably a trivial way - maybe executing remote code or maybe performing an SQL Injection attack? None of the technical details have been made public yet. Or maybe as in the previous time (due to the seriousness of the threat) technical information will be published only a few days after the release of the patch?

The case is no less serious than at the end of March 2018, when we were dealing with "Drupalgeddon2". At that time, it was not decided to reveal the technical details right away, so as not to simplify the task of authors of exploits.

Drupal Security Team explains:

There is a security release on Drupal 7.x, 8.4.x, and 8.5.x on April 25th, 2018 between 16:00 - 18:00 UTC.

Today in the late afternoon, more or less at 18-20 Polish time, it is worth spending a few minutes to implement the amendments. It may not take several hours or days, and the ready exploit will be circulating on the web and, as before, will be used to attack websites driven by CMS Drupal.

The details are explained on this page . The vulnerability identificate was also reserved: CVE-2018-7602 . More information about the vulnerability will be published at this link: https://www.drupal.org/securi…



Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.