September Patch Tuesday contains crucial fixes

      Comments Off on September Patch Tuesday contains crucial fixes

Photo showing plaster patch illustrating Patch TuesdayIn what’s become a regular fixture on the cybersecurity calendar, major tech giants recently issued a welter of updates as part of September’s Patch Tuesday.

Adobe has repaired a couple of flaws in its Flash Player, released an update for its RoboHelp help authoring tool and mended four glitches in ColdFusion – its commercial rapid web application development platform.

Google’s Android mobile OS has issued fixes for no less than 81 bugs in a range of its components – including Qualcomm, MediaTek and Broadcom.
As well as these, it patched a variety of holes in the Android kernel, system and media framework – none of which appear to have been abused by malicious actors as yet.

Microsoft has also released a swathe of fixes for over 80 defects, almost half of which are vulnerable to remote code execution, notably in its Edge and Internet Explorer browsers – four are out in the public domain and one has already been milked by hackers. Not good.

The most significant, however, is its ubiquitous and notoriously leaky .Net software framework, which allows hackers to use PDF files to hijack Windows PCs. Everyone should apply this fix straight away, as .Net is used universally and already has a track record for exploitation.