Security updates for WordPress, Cisco, Chrome, OS X Yosemite

Security experts agree that the single most important principle for protecting against exploits, malware, network attacks and attacks on web applications is keeping software up to date. Whether it is Windows itself, drivers, third-party software or antivirus products, each of them needs updating, and the frustration that sometimes comes with a very tedious patching process has to be put aside.

The last few days have brought a lot of updates, and here are the most important ones:

WordPress

The developers of the content management system (CMS) have announced a new version, WordPress 4.2.3, which fixes many bugs and a fairly serious security flaw. In addition to twenty minor bug fixes, the new version fixes a problem that allows an XSS attack, through which an attacker could gain control over the site and replace its content.

If possible, it is recommended to upgrade WordPress to version 4.2.3.

Cisco

In turn, Cisco, a manufacturer of routers, switches and network equipment, is patching three of its products:

1. The first is the Cisco Nexus 9000 Series ACI switch - a vulnerability has been discovered in its software, specifically in the Application Policy Infrastructure Controller (APIC) cluster management configuration. The vulnerability could allow an authenticated person to remotely access the APIC with root privileges and execute their own commands.

2. A vulnerability was also discovered in the IOS XE software that could allow an unauthenticated person to remotely perform a DoS attack by exploiting a flaw in the TFTP server function. Cisco has already fixed the fault.

3. The last vulnerability is in Cisco Unified MeetingPlace Web Conferencing, an application for web conferencing. An attacker using a crafted HTTP request can exploit the vulnerability and change the password of any user of the application.

Google Chrome

The Google Chrome browser has been updated to version 44.0.2403.89 for Windows, Mac and Linux. Many vulnerabilities were patched that could allow an attacker to take control of the system being attacked.

OS X Yosemite 10.10

When Apple added the DYLD_PRINT_TO_FILE variable to the new version of its system, which allows the dynamic linker to write its logs to any file, it forgot to protect this feature. The vulnerability allows an attacker to gain root privileges by issuing the following command in the system shell:

echo 'echo "$(whoami) ALL=(ALL) NOPASSWD:ALL" >&3' | DYLD_PRINT_TO_FILE=/etc/sudoers newgrp; sudo -s

For now, users of Yosemite versions 10.10.4 and 10.10.5 have not received an update. The beta version of OS X 10.11 El Capitan is free of this hole.
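
A defender's check for the result of the command above, as an added example that is not from the original article: it lists rules in a sudoers file that grant NOPASSWD on ALL commands, the kind of line that command appends. The function names, the sample file and its user names are constructed for illustration, and the parser handles only comments, line continuations and this one rule shape.

```shell
#!/bin/sh
# audit_sudoers FILE
# Prints "LINE:RULE" for every rule granting NOPASSWD on ALL commands.
# Returns 1 if at least one such rule was found, 0 otherwise.
audit_sudoers() {
    awk '
        # Join backslash-continued lines, as the sudoers syntax allows.
        /\\$/ { sub(/\\$/, ""); buf = buf $0; if (!start) start = NR; next }
        {
            line = buf $0; n = start ? start : NR; buf = ""; start = 0
            sub(/#.*/, "", line)            # drop comments (simplification)
            gsub(/[ \t]+/, " ", line); sub(/^ /, "", line); sub(/ $/, "", line)
            if (line == "") next
            # Normalise separators so "NOPASSWD:ALL" and "NOPASSWD: ALL"
            # are treated the same; an alias such as ALLOWED does not match.
            norm = line; gsub(/ *: */, ":", norm); gsub(/ *= */, "=", norm)
            if (norm ~ /NOPASSWD:ALL($|,| )/) { print n ":" line; found = 1 }
        }
        END { exit found + 0 }
    ' "$1"
}

# Constructed sample: a default-looking sudoers with two blanket grants,
# one split over two lines and one in the form the command above writes.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample sudoers
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
deploy ALL=(ALL) NOPASSWD: /usr/bin/true
bob ALL=(ALL) \
    NOPASSWD: ALL
alice ALL=(ALL) NOPASSWD:ALL
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sudoers "$sample" || echo "blanket NOPASSWD rules found, review them"
rm -f "$sample"
```

On a real system the file to check is /etc/sudoers (and any files it includes), read with root privileges.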


