- ISC Releases Security Advisories for Multiple Versions of BIND 9
- VMware Releases Security Updates for VMware vRealize Log Insight
- Apple Releases Security Updates for Multiple Products
_______________________________
ISC Releases Security Advisories for Multiple Versions of BIND 9
Situation:
The Internet Systems Consortium (ISC) has released security advisories for multiple versions of BIND 9.
Problem:
Vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9.
Implication:
A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures.
Need:
CISA encourages users and administrators to review the following ISC advisories CVE-2022-3094, CVE-2022-3488, CVE-2022-3736, and CVE-2022-3924, and apply the necessary mitigations.
Additional Resources:
Cybersecurity & Infrastructure Security Agency:
CVE-2022-3094 Link:
https://kb.isc.org/v1/docs/cve-2022-3094
CVE-2022-3488 Link:
https://kb.isc.org/v1/docs/cve-2022-3488
CVE-2022-3736 Link:
https://kb.isc.org/v1/docs/cve-2022-3736
CVE-2022-3924 Link:
https://kb.isc.org/v1/docs/cve-2022-3924
________________________________
VMware Releases Security Updates for VMware vRealize Log Insight
Situation:
VMware released security updates to address multiple vulnerabilities in VMware vRealize Log Insight.
Problem:
An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
Implication:
A remote attacker could exploit these vulnerabilities to take control of an affected system.
Need:
We encourage users and administrators to review VMware Security Advisory VMSA-2023-0001 and apply the necessary updates.
Additional Resources:
VMware Releases Security Updates for VMware vRealize Log Insight:
VMSA-2023-0001:
https://www.vmware.com/security/advisories/VMSA-2023-0001.html
________________________________
Apple Releases Security Updates for Multiple Products
Situation:
Apple has released security updates to address vulnerabilities in multiple products.
Problem:
Apple has discovered various new vulnerabilities in multiple of it products.
Implication:
An attacker could exploit some of these vulnerabilities to take control of an affected device.
Need:
We encourage users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible:
- Safari 16.3
- iOS 12.5.7
- macOS Monterey 12.6.3
- macOS Big Sur 11.7.3
- watchOS 9.3
- iOS 15.7.3 and iPadOS 15.7.3
- iOS 16.3 and iPadOS 16.3
- macOS Ventura 13.2
Additional Resources:
Apple Releases Security Updates for Multiple Products:
Apple security updates:
https://support.apple.com/en-us/HT201222