CIS ADVISORY NUMBER: 2014-062
Multiple vulnerabilities have been identified in Mozilla Firefox and Thunderbird which could allow for remote code execution. Mozilla Firefox is a web browser used to access the Internet and Mozilla Thunderbird is an email client. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user, or gaining session authentication credentials. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.
- Mozilla Firefox versions prior to 31
- Mozilla Firefox Extended Support Release (ESR) version prior to 24.7
- Mozilla Thunderbird versions prior to 31
Multiple Vulnerabilities in Apple iOS
CIS ADVISORY NUMBER: 2014-057
Multiple vulnerabilities have been discovered in Apple's mobile operating system, iOS. These vulnerabilities can be exploited by an attacker having physical access to the device, or if the user visits a specially crafted webpage. Successful exploitation could result in an attacker executing arbitrary code, cause denial-of-service conditions, gain unauthorized access, acquire sensitive information, bypass security restrictions, and perform other unauthorized actions.
- Apple iOS Prior to 7.1.2
- Large and medium government entities: High
- Small government entities: High
Updates for Multiple Vulnerabilities in Adobe Flash Player
CIS ADVISORY NUMBER: 2014-050
A security update has been released to address multiple vulnerabilities in Adobe Flash Player. Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting web pages or reading email messages. Successful exploitation of this vulnerability could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts will likely cause denial-of-service conditions.
- Adobe Flash Player 126.96.36.199 and earlier versions for Windows
- Adobe Flash Player 188.8.131.52 and earlier versions for Macintosh
- Adobe Flash