
Overview

OpenSSL, a software library very widely used in a range of commercial and internal applications, has released a security update to address vulnerabilities that include a high-severity flaw.

(If you are unsure whether your organisation uses OpenSSL, it is strongly recommended that you check with your I.T. team or I.T. service provider.)

VMware has released a security update to address one security vulnerability in VMware Workstation.

Zyxel has released security advisories to fix ten vulnerabilities for several products. 

Apple has released security updates to fix vulnerabilities in multiple products. One vulnerability may already be exploited by attackers within Safari, macOS Ventura, iOS, and iPadOS.

 

Detail

OpenSSL’s security update addresses eight vulnerabilities: one rated High and seven rated Medium.

The high-severity vulnerability (CVE-2023-0286) is a type confusion in X.400 address processing within an X.509 GeneralName. This could allow an attacker to pass arbitrary pointers to a memcmp call. An attacker could exploit these vulnerabilities to perform a denial-of-service (DoS) attack on an affected system.

VMware’s vulnerability (CVE-2023-20854) has a CVSSv3 base score of 7.8 and is an arbitrary file deletion vulnerability. An authenticated attacker could exploit this vulnerability to delete arbitrary files from the file system of an affected system.

The Zyxel vulnerabilities could be exploited by an attacker through denial-of-service (DoS) attacks or command injection. Another possibility is remote code execution (RCE), which could allow an attacker to take control of an affected system.

Apple has reported vulnerability CVE-2023-23529, which affects Safari, macOS Ventura, iOS and iPadOS. An attacker may exploit some of these vulnerabilities to take control of a vulnerable system, including by way of maliciously crafted web content, which could then lead to arbitrary code execution.

 

Recommended Action

Users of OpenSSL are recommended to check their version of OpenSSL and update to the latest version if vulnerable. For further details, please read the following advisories:

OpenSSL – Security Advisory

VMware – Security Advisory

Zyxel – Security Advisories

Apple – Security updates

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
