Cisco, Apple Patch Security Glitches

Cisco Systems and Apple Computer each released new security patches meant to plug vulnerabilities discovered in their respective products.

The networking giant issued patches for several types of software, while industry watchdogs identified a separate issue in a discontinued model of its Linksys brand routers. For its part, Apple detailed an issue related to a Java-oriented element of its software update services.

Cisco specifically addressed a privilege escalation vulnerability identified by researchers in a number of its products that could allow attackers to take control of devices running the affected software. The issue is present in the company’s Cisco Wireless LAN Solution Engine, Cisco Hosting Solution Engine, Cisco User Registration Tool, Cisco Ethernet Subscriber Solution Engine and CiscoWorks2000 Service Management Solution.

Microsoft ‘fesses up to hiding details on vulnerabilities discovered internally. Click here to read why and why that policy is risky.

The company issued patches aimed to fix the glitches in the Hosting Solution Engine and User Registration Tool, but said that it will not distribute updates for the Ethernet Subscriber Solution Engine and Works2000 Service Management package as both products are no longer supported, having reached “end of life” status. Organizations still using those products can retain assistance from the company’s technical support staff, however.

The company issued a separate security advisory related to the Wireless LAN Solution Engine, which runs inside the Cisco networking appliance that bears the same name. According to the company, the appliance is affected by the privilege escalation vulnerability, along with an XSS (cross site scripting) vulnerability that could allow an attacker to gain administrative privileges on the system.

Read the full story on Cisco, Apple Patch Security Glitches