Autonomous System Uncovers Long-Standing OpenSSL Flaws
A recent update has fixed 12 vulnerabilities in OpenSSL, some existing in the codebase for years
Stay informed on infosec trends, threats, and strategies with the latest updates and expert insights in Information Security.
Search across headline titles and summaries.
Background for this topic.
Fixed is a status indicating that a security issue has been addressed through a corrective change, such as a software patch, code change, configuration update, or removal of an affected component. In vulnerability tracking, it usually describes the issue under specified conditions and versions; it does not automatically prove that every affected asset has been updated or that exploitation is impossible.
For vulnerability management, practitioners should verify the fix’s scope, deployment, and effectiveness through testing, rescanning, or other evidence. Incomplete rollout, an overlooked instance, a dependent vulnerable component, or a regression can leave exposure despite a “Fixed” label. Records should distinguish fixed from mitigated or accepted, identify affected assets and versions, and retain validation dates. If the issue was exploited before remediation, fixing it does not establish that an attacker’s access or changes have been removed; that requires separate investigation.
Weekly headline count for the current query.
A recent update has fixed 12 vulnerabilities in OpenSSL, some existing in the codebase for years
Three of Anthropic’s Claude Desktop extensions were vulnerable to command injection – flaws that have now been fixed
Microsoft has fixed over 170 CVEs in October’s Patch Tuesday, including six zero-day vulnerabilities
Microsoft has fixed over 80 vulnerabilities including two publicly disclosed zero-days in its latest Patch Tuesday release
WhatsApp has fixed a zero-day vulnerability linked to a sophisticated cyber-attack
Microsoft has fixed seven zero-days this Patch Tuesday, including one not currently being actively exploited
Microsoft confirmed an outage of its multi-factor authentication system impacting access to Microsoft 365, causing login failures and service disruption
In a major security update, Apple has fixed dozens of bugs and vulnerabilities across its operating systems and services
SolarWinds has discovered and fixed a critical remote code execution vulnerability in Web Help Desk
All SAP AI Core vulnerabilities were reported to SAP by Wiz and have since been fixed
Ivanti has fixed two critical vulnerabilities in its Avalanche MDM product which could lead to remote code execution
Critical Hyper-V flaw one of 12 remote code execution vulnerabilities fixed this Patch Tuesday
It’s the fifth zero-day to be fixed this year
One of them, CVE-2023-37201, involved a use-after-free issue in WebRTC certificate generation
The vulnerabilities, which are now fixed, could have put sensitive customer data at risk
Close to 50 CVEs addressed this month
Thirteen of the 84 vulnerabilities fixed in yesterday’s update are classified as 'Critical'
The vulnerabilities, now fixed, allowed for a potential man in the middle attack
All vulnerabilities rated “important” with one publicly disclosed