Security alert on: Oracle products, iOS, OS X El Capitan, vulnerabilities in BIND and Linux kernel vulnerability



Connectikpeople recalls that, Oracle has released its Critical Patch Update for January 2016 to address 248 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

 
Connectikpeople encourages users and administrators to review the Oracle January 2016 Critical Patch Update and apply the necessary updates.

At Apple; they have released security updates for iOS, OS X El Capitan, and Safari to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
Available updates include:
  • iOS 9.2.1 for iPhone 4s and later, iPod touch (5th generation) and later, and iPad 2 and later
  • OS X El Capitan 10.11.3 for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.2
  • Safari 9.0.3 for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.2
Users and administrators are encouraged to review Apple security updates for iOS, OS X El Capitan, and Safari and apply the necessary updates

The Internet Systems Consortium (ISC) has also released security updates to address vulnerabilities in BIND. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.
Available updates include:
  • BIND 9 version 9.9.8-P3
  • BIND 9 version 9.10.3-P3
  • BIND 9 version 9.9.8-S4
Connectikpeople recommends that users and administrators review ISC Knowledge Base Articles AA-01335 and AA-01336 and apply the necessary updates.

At the end, US-CERT is aware of a Linux kernel vulnerability affecting Linux PCs and servers and Android-based devices. Exploitation of this vulnerability may allow an attacker to take control of an affected system.
So, Connectikpeople recommends that users and administrators review the Redhat Security Blog and the Debian Security Bug Tracker for additional details and refer to their Linux or Unix-based OS vendors for appropriate patches.