Vulnerability

Apple Zero-Day: How to Spot Devices to Update in Your Company in Seconds

Apr 2, 2022 By Matt Beran In InvGate

Just a couple of days after Google announced a high-risk zero-day vulnerability in Chrome, Apple disclosed two zero-day vulnerabilities affecting their operating system on both mobile and desktop devices. The company has already issued updates for its iOS and macOS users. The patched versions are as follows: As for the Apple zero-day exploits, they were reported anonymously.

Read Post

InvGate

Read more about Apple Zero-Day: How to Spot Devices to Update in Your Company in Seconds

Chrome Zero Day: Find vulnerable devices for patching

Mar 30, 2022 By InvGate In InvGate

Google issued an emergency security update due to the severity of exploit CVE-2022-1096. A few days later, Microsoft joined the recommendation, advising Chromium Edge users to update their browsers as well. Therefore, if you haven’t already, you should check your browser details to check if it’s updated to version 99.0.4844.84 of Chrome or version 99.0.1150.55 or higher of Edge. Matt Beran shows you how you can find vulnerable devices across your inventory for proactive patching using InvGate Insight.

View Video

InvGate

Read more about Chrome Zero Day: Find vulnerable devices for patching

Chrome zero-day: find devices with vulnerabilities across your inventory

Mar 30, 2022 By InvGate In InvGate

If you’re an asset manager or an application administrator, you must have had - or are about to have - a lot of work since there’s a new Chrome zero-day vulnerability in the wild. Google issued an emergency security update due to the severity of exploit CVE-2022-1096. A few days later, Microsoft joined the recommendation, advising Chromium Edge users to update their browsers as well.

Read Post

InvGate

Read more about Chrome zero-day: find devices with vulnerabilities across your inventory

Zulip Cloud security vulnerability with reusable invitation links

Feb 25, 2022 By Alex Vandiver In Zulip

An internal investigation recently uncovered a vulnerability (identified as CVE-2022-21706) in Zulip’s invitation links. Specifically, a reusable invitation link could be used to join a different organization than the one it was created for. As a result, there was a potential for users to join any organization without an invitation (and bypassing domain restrictions). This vulnerability was discovered by the Zulip security team, and has now been fixed for all Zulip Cloud organizations.

Read Post

Zulip

Read more about Zulip Cloud security vulnerability with reusable invitation links

Log4j: Two Tricks to Make Your Next Vulnerability Less Chaotic

Dec 16, 2021 By Matt Beran In InvGate

Tl;dr: Log4j is a mess, if you’re chasing down the applications, services and servers that use Java; consider the suggestions below to make zero day patching easier.

Read Post

InvGate

Read more about Log4j: Two Tricks to Make Your Next Vulnerability Less Chaotic

Coordinated disclosure of XML round-trip vulnerabilities in Go's standard library

Dec 14, 2020 By Juho Nurminen In Mattermost

This blog post is a part of Mattermost’s public disclosure of three serious vulnerabilities in Go’s encoding/xml related to tokenization round-trips. The public disclosure comes as a result of several months of work, including collaborating with the Go security team since August 2020 and with affected downstream project maintainers since earlier this month.

Read Post