Overview

Ivanti has released security updates that affect Ivanti Connect Secure and Ivanti Policy Secure, which are software used for remote and mobile access to corporate resources. These updates address four vulnerabilities: CVE-2024-21894, CVE-2024-22053, CVE-2024-22052 and CVE-2024-22023. These vulnerabilities could allow an attacker to achieve code execution and cause denial-of-service.

Google has addressed two security flaws affecting the Pixel mobile phone that could allow someone with physical access to a phone to prevent remote-wiping.  Evidence of exploitation has been reported by Google.  The April system update for Pixel phones includes a partial patch for CVE-2024-29745 and CVE-2024-29748.  Further patches are expected soon to fully address the vulnerabilities.

XZ Utils for Linux is a general data compression format. It is affected by a critical vulnerability (CVE-2024-3094): security researchers at Red Hat Inc. found malicious code in the XZ source code. The vulnerability has a base score of 10. It could allow a remote attacker to perform code execution through SSH. According to a recent CISA advisory, the recommendation is to downgrade XZ Utils to an uncompromised version.

Imperva Securesphere Web Application Firewall is a web application firewall designed to filter and monitor HTTP traffic to help protect web applications. The firewall is affected by a critical vulnerability (CVE-2023-50969) that could allow an attacker to bypass the firewall’s rules. The vulnerability has a base score of 9.8.

Recommended Action

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:

Ivanti – Ivanti Article

Google Pixel Update Bulletin

XZ Utils – CISA Advisory

Imperva Securesphere – Imperva Article

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
