GovCERT.HK - Security Alert (A15-12-09): Multiple Vulnerabilities in Adobe Flash Player
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption, integer overflow, type confusion and use-after-free error. A remote attacker could entice a targeted user to open a specially crafted web page, Flash file, or document that supports embedded Flash content to exploit the vulnerabilities.
GovCERT.HK - Security Alert (A15-12-07): Multiple Vulnerabilities in Apple iOS
Apple has released a software update fixing 30 vulnerabilities in iOS versions prior to iOS 9.2. These vulnerabilities are caused by problems in various iOS components. There are multiple attack vectors: the attacker could entice a user to open a specially crafted image or media file, font file, iBook file, iWork file, XML document or web page, or to install a malicious application, to exploit the vulnerabilities.
GovCERT.HK - Security Alert (A15-12-06): Multiple Vulnerabilities in ISC BIND
Multiple vulnerabilities are found in the ISC BIND software. A remote attacker could send a specially crafted query to request a record with a malformed class attribute to trigger a REQUIRE assertion failure, causing a denial-of-service condition. In addition, a flaw was found which can cause BIND to exit after encountering an INSIST assertion failure.
GovCERT.HK - Security Alert (A15-12-05): Multiple Vulnerabilities in Firefox
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by memory safety bugs in the browser engine, flaws in API or use-after-free error. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.
GovCERT.HK - Security Alert (A15-12-04): Multiple Vulnerabilities in Adobe Flash Player
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption, various buffer overflows, type confusion, use-after-free errors and security bypass problems. A remote attacker could entice a targeted user to open a specially crafted web page, Flash file, or document that supports embedded Flash content to exploit the vulnerabilities.
GovCERT.HK - Security Alert (A15-12-01): Multiple Vulnerabilities in IBM Notes and Domino
Multiple vulnerabilities are found in IBM Notes and Domino. The bundled Java virtual machine (JVM) is susceptible to different attacks as listed in the Oracle Critical Patch Update Advisories (October 2015) which could be remotely exploited without authentication. A remote attacker could exploit the vulnerabilities by enticing a user to open a specially-crafted file or visit a malicious website.
GovCERT.HK - Security Alert (A15-09-05): Multiple Vulnerabilities in Cisco Products (September 2015)
Cisco has released three security advisories fixing a number of vulnerabilities in Cisco IOS and IOS XE software. An unauthenticated remote attacker could exploit the vulnerabilities in relation to several functions or protocols, including SSH version 2 (SSHv2) using RSA-based user authentication, Network Address Translation (NAT) and Multiprotocol Label Switching (MPLS) services, and the IPv6 snooping feature when configured.
GovCERT.HK - Security Alert (A15-09-04): Multiple Vulnerabilities in Firefox
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by memory safety bugs in the browser engine, buffer overflow or use-after-free error. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.
GovCERT.HK - Security Alert (A15-09-03): Multiple Vulnerabilities in Adobe Flash Player
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by type confusion, various buffer overflows, use-after-free errors, memory leak and memory corruption. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted web page, Flash file, or document that supports embedded Flash content.
GovCERT.HK - Security Alert (A15-08-08): Multiple Vulnerabilities in Firefox
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by a use-after-free error or an add-on notification bypass through a "data:" URL. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.
GovCERT.HK - Security Alert (A15-08-01): Vulnerability in Firefox
Mozilla has published a security advisory to address a vulnerability found in Firefox. This vulnerability is caused by a problem that allows violation of the same origin policy to read local files. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerability.
GovCERT.HK - Security Alert (A15-07-11): Vulnerability in ISC BIND
A vulnerability is found in the Internet Systems Consortium (ISC) BIND software. A remote attacker could send specially crafted packets to exploit an error in the handling of TKEY queries and trigger a REQUIRE assertion failure, causing BIND to exit. Access control lists or configuration options limiting or denying service cannot prevent the problem.
GovCERT.HK - Security Alert (A15-07-09): Vulnerability in Microsoft Windows
A vulnerability is identified in Microsoft Windows that could be exploited to compromise an affected system. Due to an error in the way the Windows Adobe Type Manager Library handles OpenType fonts, an attacker could exploit it to take control of the system if a user opens a specially crafted document or visits a webpage that contains embedded OpenType fonts.
GovCERT.HK - Security Alert (A15-07-05): Vulnerability in OpenSSL
By exploiting the vulnerability in the OpenSSL library, an attacker could bypass certain checks on certificates, such as the Certificate Authority (CA) flag check, enabling a certificate issued by a valid leaf certificate to be wrongly verified as issued by the valid CA.
GovCERT.HK - Security Alert (A15-07-04): Multiple Vulnerabilities in Adobe Flash Player
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption, heap buffer overflow, type confusion or use-after-free error. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted web page, Flash file, or document that supports embedded Flash content.
GovCERT.HK - Security Alert (A15-07-03): Multiple Vulnerabilities in Firefox and Thunderbird
Mozilla has published a security advisory to address multiple vulnerabilities found in Firefox and Thunderbird. These vulnerabilities are caused by memory safety bugs in the browser engine, use-after-free errors, uses of uninitialised memory, poor validation, reads of unowned memory in zip files and buffer overflows. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.
GovCERT.HK - Security Alert (A15-07-01): Multiple Vulnerabilities in Apple iOS
Apple has released a software update fixing 33 vulnerabilities in iOS versions prior to iOS 8.4. These vulnerabilities are caused by problems in various iOS components. There are multiple attack vectors: a remote attacker could intercept SSL/TLS connections and perform man-in-the-middle (MITM) attacks (also known as the Logjam attack). The attacker could also entice a user to open a specially crafted font file, PDF file, TIFF file, SMS or web page to exploit the vulnerabilities.
GovCERT.HK - Security Alert (A15-06-04): Multiple Vulnerabilities in OpenSSL
Multiple vulnerabilities are found in the OpenSSL library. A remote attacker could downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography and perform a man-in-the-middle attack (known as the Logjam attack). A remote attacker could also launch a denial-of-service attack by sending specially crafted public keys, certificate requests, certificates, PKCS#7 data or signedData messages to an affected system.
GovCERT.HK - Security Alert (A15-06-02): Multiple Vulnerabilities in Adobe Flash Player
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption/leak, stack/integer overflow, use-after-free or security restrictions bypass issues. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted web page, Flash file, or document that supports embedded Flash content.
GovCERT.HK - Security Alert (A15-05-03): Multiple Vulnerabilities in Firefox and Thunderbird
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox and Thunderbird. These vulnerabilities are caused by memory safety bugs in the browser engine, buffer overflows when rendering SVG format graphics or parsing compressed XML content, an out-of-bounds read and write in asm.js during JavaScript validation, and a use-after-free flaw during text processing with vertical text enabled. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.
GovCERT.HK - Security Alert (A15-05-01): Multiple Vulnerabilities in IBM Notes, iNotes and Domino
IBM has issued a security bulletin to address two image parsing buffer overflow vulnerabilities in IBM Domino and one cross-site scripting vulnerability in the IBM Dojo Toolkit in IBM Notes, iNotes and Domino. A remote attacker could exploit these vulnerabilities by enticing a user to visit a specially crafted URL to execute scripts or sending a specially crafted bitmap (.BMP) image to the vulnerable Domino SMTP server.
GovCERT.HK - Security Alert (A15-04-10): Vulnerability in Firefox
Mozilla has published a security advisory to address a vulnerability found in Firefox. The vulnerability is caused by memory corruption during failed plugin initialization. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerability.
GovCERT.HK - Security Alert (A15-04-05): Multiple Vulnerabilities in Apple iOS
Apple has released software updates fixing 58 vulnerabilities in iOS versions prior to iOS 8.3. These vulnerabilities are caused by problems in various iOS components. There are multiple attack vectors: a remote attacker could entice a user to open a specially crafted web page, font file, configuration profile or iWork file, or install a malicious application to exploit the vulnerabilities. A local attacker could also connect a malicious external device to the affected systems to execute arbitrary code or access protected information on them.
GovCERT.HK - Security Alert (A15-04-03): Vulnerability in IBM Lotus Notes and Domino
IBM has published a security bulletin to address a vulnerability related to the Factoring Attack on RSA-EXPORT Keys (FREAK) problem in TLS/SSL used in IBM Java in Notes and Domino. It allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use weaker or "export-grade" cryptography, which can be easily decrypted to steal or manipulate sensitive data.
GovCERT.HK - Security Alert (A15-04-02): Multiple Vulnerabilities in Firefox
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by a flaw in Reader mode on Firefox for Android that allows restrictions to be bypassed and privileged content to be loaded, and a flaw in the HTTP Alternative Service implementation that allows SSL certificate verification to be bypassed to launch man-in-the-middle attacks. A remote attacker could entice a user to open a web page on a specially configured server or with specially crafted content to exploit the vulnerabilities.
GovCERT.HK - Security Alert (A15-04-01): Multiple Vulnerabilities in Firefox and Thunderbird
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox and Thunderbird. These vulnerabilities are caused by memory safety bugs in the browser engine, a use-after-free flaw in the handling of certain MP3 files by the Fluendo MP3 plugin, memory corruption during 2D graphics rendering and type confusion flaws. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.