UCSF IT Technology

Apple has released security updates to address vulnerabilities in multiple Apple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. For a complete description of the vulnerabilities and affected systems go to  Apple Security Updates. IT Security

Palo Alto Networks Unit 42 created a response report to address attacks leveraging several vulnerabilities in D-Link devices. An attacker could exploit these vulnerabilities to take control of devices and conduct further attacks such as distributed denial-of-service (DDoS) attacks.

Google Chrome bug lets sites silently overwrite system clipboard content. The clipboard poisoning attack is said to have been accidentally introduced in Chrome version 104. A "major" security issue could allow malicious web pages to automatically overwrite clipboard content without requiring any user consent or interaction by simply visiting them. Threat actors could overwrite the clipboard with a link to specially crafted websites, leading victims to download dangerous software.

Mozilla has released security update to address a vulnerability in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system. For a complete description of the vulnerabilities and affected systems go to Thunderbird 102.2.1. IT Security Read more about IT Security service offerings.

Google has released Chrome version 105.0.5195.52/53/54 for Windows and Chrome version 105.0.5195.52 Mac, and Linux.  An attacker could exploit this vulnerability to get initial access into the target's system by injecting iframe tag with initial asset IP address on its source. A remote attacker could exploit this vulnerability to take control of an affected system.

Cisco has released security updates to address vulnerabilities in Cisco Secure Web Appliance. A remote attacker could exploit this vulnerability to take control of an affected system. For a complete description of the vulnerabilities and affected systems go to:

Exploit code has been released for a critical vulnerability affecting networking devices with Realtek's RTL819x system on a chip (SoC). A remote attacker could exploit this vulnerability to compromise vulnerable devices from various original equipment manufacturers (OEMs), ranging from routers and access points to signal repeaters.  

Chrome released a new update (104.0.5112.101 for Mac and Linux, 104.0.5112.102 for Windows) that fixes 11 security vulnerabilities, including one zero-day high vulnerability that is being exploited in the wild. The zero-day vulnerability is described as a case of insufficient validation of untrusted input in

Fortinet has released security updates to address a very critical vulnerability in Fortinet FortiPortal. An attacker could remotely execute arbitrary code with root privileges.