
Alerts

TZCERT-SU-24-0087 (GitLab Security Update)

GitLab has released security updates to address vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE). Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the GitLab Security Advisory and apply the necessary updates.

TZCERT-SU-24-0086 (IBM Security Update)

IBM has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the IBM Security Advisories dated 25th January 2024 and apply the necessary updates.

TZCERT-SU-24-0085 (NetApp Security Update)

NetApp has released security updates to address vulnerabilities in QEMU, Bouncy Castle, curl, Logstash, GNU library, OpenSSH and Infinispan. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service condition.

Users and administrators are encouraged to review NetApp Security Advisories ntap-20240125-0005, ntap-20240125-0001, ntap-20240125-0007, ntap-20240125-0002, ntap-20240125-0008, ntap-20240125-0006 and ntap-20240125-0004 and apply the necessary updates.

TZCERT-SU-24-0084 (OpenSSL Security Update)

OpenSSL has released security updates to address a vulnerability in PKCS12. Exploitation of this vulnerability may allow an attacker to cause a denial of service condition.

Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.

Apple WebKit Zero-Day vulnerability (CVE-2024-23222)

Advisory No: TZCERT/SA/2024/01/24

Date of First Release: 24th January 2024

Source: Apple

Software Affected:

  • Safari 17.3 – For Macs running macOS Monterey and macOS Ventura
  • iOS 17.3 and iPadOS 17.3 – For iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
  • iOS 16.7.5 and iPadOS 16.7.5 – For iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
  • macOS Sonoma 14.3 – For Macs running macOS Sonoma
  • macOS Ventura 13.6.4 – For Macs running macOS Ventura
  • macOS Monterey 12.7.3 – For Macs running macOS Monterey
  • tvOS 17.3 – For Apple TV HD and Apple TV 4K (all models)

Overview:

Apple has released security updates for iOS, iPadOS, macOS, tvOS, and the Safari web browser to address a zero-day vulnerability that is being exploited by malicious actors. Successful exploitation of this flaw may allow an attacker to execute arbitrary code.

Description:

The vulnerability (CVE-2024-23222, CVSS score: 7.5) is a type confusion flaw in WebKit, Apple’s web browser engine. The vulnerability could allow attackers to execute arbitrary code while the victim device processes maliciously crafted web content.

Impact:

Successful exploitation of this vulnerability may allow a remote attacker to take control of the affected system.

Solution:

Apple has released security updates to resolve this vulnerability. Users and administrators are encouraged to update as soon as possible.

References:

  1. https://support.apple.com/en-us/HT201222
  2. https://www.helpnetsecurity.com/2024/01/23/cve-2024-23222/
  3. https://nvd.nist.gov/vuln/detail/CVE-2024-23222