{"id":31898,"date":"2023-09-18T17:56:19","date_gmt":"2023-09-18T17:56:19","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=31898"},"modified":"2023-11-14T16:13:35","modified_gmt":"2023-11-14T16:13:35","slug":"weekly-vulnerability-recap-september-18-2023","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/","title":{"rendered":"Weekly Vulnerability Recap &#8211; September 18, 2023 &#8211; Patch Tuesday Also For Adobe, Apple and More"},"content":{"rendered":"\n<p><a href=\"https:\/\/www.esecurityplanet.com\/threats\/september-2023-patch-tuesday-microsoft-word-zero-day\/\">Microsoft\u2019s Patch Tuesday<\/a> dominates the headlines because of near-universal Windows adoption. However, many other companies time their updates for the same week, such as Adobe, SAP, and VMware.<\/p>\n\n\n\n<p>Active exploits also lead to new versions of all major browsers as well as older versions of Apple products. Organizations of all sizes need to review the active exploits and announced patches and ensure that vulnerabilities in all of their high value and high risk systems are mitigated.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Active Vulnerability Exploits This Week<\/h2>\n\n\n\n<p>Vulnerabilities are serious business, but the sheer number of assets and vulnerabilities can leave many IT and security teams struggling to keep up with <a href=\"https:\/\/www.esecurityplanet.com\/networks\/vulnerability-management\/\">vulnerability management<\/a> and <a href=\"https:\/\/www.esecurityplanet.com\/compliance\/patch-management-policy\/\">patch management<\/a>. 
However, once an attacker begins to actively exploit vulnerabilities, the risk becomes exponentially higher and these vulnerabilities must be prioritized for patching or mitigation.<\/p>\n\n\n\n<p>This week, the following active exploits of vulnerabilities were announced:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Iranian advanced persistent threat (APT) group <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-42475\" target=\"_blank\" rel=\"noreferrer noopener\">exploits January 2023 vulnerabilities<\/a> in <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-42475\" target=\"_blank\" rel=\"noreferrer noopener\">Fortinet firewalls<\/a> and <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-47966\" target=\"_blank\" rel=\"noreferrer noopener\">ManageEngine software<\/a> to perform remote code execution (RCE) on U.S. aeronautical targets<\/li>\n\n\n\n<li><a href=\"https:\/\/www.tenable.com\/blog\/cve-2023-20269-zero-day-vulnerability-in-cisco-asa-and-ftd-reportedly-exploited-ransomware-groups\" target=\"_blank\" rel=\"noreferrer noopener\">Ransomware groups exploit<\/a> the <a href=\"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-sept-11-2023\/\">September 8, 2023 announced Zero-Day vulnerability<\/a> in Cisco\u2019s Adaptive Security and Firepower Threat Defense appliances<\/li>\n<\/ul>\n\n\n\n<p><strong>See the top <a href=\"https:\/\/www.esecurityplanet.com\/products\/patch-management-software\/\">Patch<\/a> and <a href=\"https:\/\/www.esecurityplanet.com\/products\/vulnerability-management-software\/\">Vulnerability Management<\/a> products<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>September 13, 2023<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>3 Kubernetes RCE Vulnerabilities Patched<\/strong><\/h3>\n\n\n\n<p><strong>Type of attack:<\/strong> Remote code execution (RCE) attacks using YAML files in a Kubernetes cluster could execute on all Windows endpoints within the 
cluster.<\/p>\n\n\n\n<p><strong>The problem:<\/strong> <a href=\"https:\/\/www.akamai.com\/blog\/security-research\/kubernetes-critical-vulnerability-command-injection\" target=\"_blank\" rel=\"noreferrer noopener\">Akamai security researchers discovered<\/a> a high-severity vulnerability in which insecure function calls and lack of user input sanitization can allow RCE.<\/p>\n\n\n\n<p><strong>The fix:<\/strong> Update all Kubernetes versions 1.28 or older.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Numerous XSS Vulnerabilities in Microsoft Azure HDInsight<\/strong><\/h3>\n\n\n\n<p><strong>Type of attack:<\/strong> <a href=\"https:\/\/www.esecurityplanet.com\/endpoint\/prevent-xss-attacks\/\">Cross-site scripting<\/a> (XSS) vulnerabilities in various Apache services were incorporated into Azure HDInsight and could allow attackers to hijack web sessions.<\/p>\n\n\n\n<p><strong>The problem:<\/strong> <a href=\"https:\/\/orca.security\/resources\/blog\/cross-site-scripting-vulnerabilities-in-apache-services-azure-hd-insight\/\" target=\"_blank\" rel=\"noreferrer noopener\">Orca security researchers found<\/a> 8 important XSS vulnerabilities and demonstrated proof-of-concept attacks.<\/p>\n\n\n\n<p><strong>The fix:<\/strong> All 8 vulnerabilities were patched by Microsoft as part of Patch Tuesday on August 8. 
However, HDInsight will not support in-place upgrades so security teams need to check for delays in the creation of new clusters with the updated version in some production environments.<\/p>\n\n\n\n<p><strong>Read More:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.esecurityplanet.com\/applications\/application-security-definition\/\"><strong>Application Security: Complete Definition, Types &amp; Solutions<\/strong><\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/networks\/website-vulnerability-scanners\/\"><strong>Best DevOps, Website, and Application Vulnerability Scanning Tools<\/strong><\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>September 12, 2023<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Adobe Recommends Applying Updates Within 72 Hours for Reader and Acrobat<\/strong><\/h3>\n\n\n\n<p><strong>Type of attack:<\/strong> An actively exploited <a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/787.html\" target=\"_blank\" rel=\"noreferrer noopener\">out-of-bounds write<\/a> attack can lead to RCE in Adobe Acrobat or Adobe Reader. <a href=\"https:\/\/helpx.adobe.com\/security\/products\/connect\/apsb23-33.html\" target=\"_blank\" rel=\"noreferrer noopener\">Adobe Connect<\/a> and <a href=\"https:\/\/helpx.adobe.com\/security\/products\/experience-manager\/apsb23-43.html\" target=\"_blank\" rel=\"noreferrer noopener\">Experience Manager<\/a> are also vulnerable to cross-site scripting (XSS) attacks that can access cookies, session tokens, and other information stored in web browsers.<\/p>\n\n\n\n<p><strong>The problem:<\/strong>&nbsp; <a href=\"https:\/\/helpx.adobe.com\/security\/products\/acrobat\/apsb23-34.html\" target=\"_blank\" rel=\"noreferrer noopener\">Adobe recognizes<\/a> the critical Acrobat\/Reader vulnerability, CVE-2023-26369, is currently being exploited on Windows and macOS systems. 
Adobe Connect and Experience Manager vulnerabilities are less urgent, but should also be patched.<\/p>\n\n\n\n<p><strong>The fix:<\/strong> Apply patches to update the relevant Adobe products.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Significant Vulnerabilities Patched for Apple, SAP, VMware<\/strong><\/h3>\n\n\n\n<p>Many other vendors joined Microsoft and Adobe in releasing vulnerability patches this week. Notable updates include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Apple applies the fix for <a href=\"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-sept-11-2023\/\">September 7th\u2019s BLASTPASS<\/a> vulnerability to older operating systems past support: iOS 15.7.9 and iPadOS 15.7.9 (as well as macOS Monterey and Big Sur) to cover older iPhone models (6s, 7, SE generation 1).<\/li>\n\n\n\n<li><a href=\"https:\/\/dam.sap.com\/mac\/app\/e\/pdf\/preview\/embed\/ucQrx6G?ltr=a&amp;rc=10\" target=\"_blank\" rel=\"noreferrer noopener\">SAP released patches<\/a> to fix 13 new vulnerabilities including a <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-40622\" target=\"_blank\" rel=\"noreferrer noopener\">critical information exposure vulnerability<\/a> rated CVSS 9.9 in Business Objects that could lead to complete application compromise.<\/li>\n\n\n\n<li>VMware fixed a <a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2023-0019.html\" target=\"_blank\" rel=\"noreferrer noopener\">SAML token signature bypass vulnerability<\/a> in VMware Tools with a 7.5 CVSS score that could lead to privilege escalation in an attack.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read More:&nbsp;<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.esecurityplanet.com\/networks\/vulnerability-scanning-tools\/\"><strong>The 8 Best Vulnerability Scanner Tools for 2023<\/strong><\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/networks\/patch-management\/\"><strong>What is Patch Management? 
Getting Vulnerability Protection Right<\/strong><\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>September 11, 2023<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Actively-Exploited Zero-Day in Major Browsers<\/strong><\/h3>\n\n\n\n<p><strong>Type of attack:<\/strong> The active exploit is not revealed, but researchers note the potential for it to crash the browser or perform RCE attacks.<\/p>\n\n\n\n<p><strong>The problem:<\/strong>&nbsp; A heap buffer overflow vulnerability, <a href=\"https:\/\/chromereleases.googleblog.com\/2023\/09\/stable-channel-update-for-desktop_11.html\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2023-4863<\/a>, can overwrite code into memory because of a flaw in the libwebp library.<\/p>\n\n\n\n<p><strong>The fix:<\/strong> Update Chrome, <a href=\"https:\/\/learn.microsoft.com\/en-us\/deployedge\/microsoft-edge-relnotes-security\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Edge<\/a> (built on Chrome), Firefox (<a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2023-40\/\" target=\"_blank\" rel=\"noreferrer noopener\">Mozilla<\/a>), and <a href=\"https:\/\/github.com\/brave\/brave-browser\/issues\/33032\" target=\"_blank\" rel=\"noreferrer noopener\">Brave<\/a> (built on Chrome) browsers as well as the Thunderbird (Mozilla) email client.<\/p>\n\n\n\n<p><strong>See the <a href=\"https:\/\/www.esecurityplanet.com\/products\/edr-solutions\/\">Top Endpoint Detection and Response (EDR) Solutions in 2023<\/a><\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>September 8, 2023<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Buffer Overflow Zero-Days in Notepad++ With RCE Potential<\/strong><\/h3>\n\n\n\n<p><strong>Type of attack:<\/strong> Attackers could use specially crafted files to trick users into remote code execution (RCE) in older Notepad++ versions.<\/p>\n\n\n\n<p><strong>The problem:<\/strong> GitHub researcher Jaroslav Lobacevski <a 
href=\"https:\/\/securitylab.github.com\/advisories\/GHSL-2023-092_Notepad__\/\" target=\"_blank\" rel=\"noreferrer noopener\">found and reported<\/a> on four buffer overflow vulnerabilities. The most severe, rated CVSS 7.8 (high), could be used to execute arbitrary and potentially malicious code within Notepad++.<\/p>\n\n\n\n<p><strong>The fix:<\/strong> The four vulnerabilities and other bugs have been fixed in the latest version of the open source code editing product, <a href=\"https:\/\/notepad-plus-plus.org\/downloads\/v8.5.7\/\" target=\"_blank\" rel=\"noreferrer noopener\">Notepad++ 8.5.7<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Ubuntu Kernel OverlayFS Access To Root Vulnerability<\/strong><\/h3>\n\n\n\n<p><strong>Type of attack:<\/strong> Two <a href=\"https:\/\/www.crowdstrike.com\/blog\/crowdstrike-discovers-new-container-exploit\/\" target=\"_blank\" rel=\"noreferrer noopener\">new privilege escalation<\/a> attacks from non-root containers aim to obtain container root privileges.<\/p>\n\n\n\n<p><strong>The problem:<\/strong> Ubuntu\u2019s Linux kernel did not properly perform permission checks in certain situations and could allow attackers with access to a non-root container to execute files that could obtain root privileges.<\/p>\n\n\n\n<p><strong>The fix:<\/strong> Ubuntu nodes should be upgraded to a patched kernel version. For unpatched nodes, actively monitor and detect non-root privileged containers and use Seccomp or AppArmor to block the use of the \u201cunshare\u201d command.<\/p>\n\n\n\n<p><strong>Read next:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/\"><strong>Network Protection: How to Secure a Network<\/strong><\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-sept-11-2023\/\"><strong>Weekly Vulnerability Recap \u2013 Sept. 
11, 2023 \u2013 Android Update Fixes 33 Vulnerabilities<\/strong><\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>It wasn&#8217;t just Microsoft making news last week; Adobe, Apple, Chrome, SAP and VMware also pushed out updates for critical vulnerabilities.<\/p>\n","protected":false},"author":271,"featured_media":31900,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[15],"tags":[2369,3790,3414,23006,2478,730,4218,5277],"b2b_audience":[33,35],"b2b_industry":[],"b2b_product":[382,378,31780,31782,31775,392,396],"class_list":["post-31898","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threats","tag-cloud-security","tag-cybersecurity","tag-network-security","tag-patch-management","tag-ransomware","tag-security","tag-vulnerabilities","tag-web-security","b2b_audience-awareness-and-consideration","b2b_audience-implementation-and-support","b2b_product-application-security-vulnerability-management","b2b_product-endpoint-security","b2b_product-patch-management","b2b_product-threat-intelligence","b2b_product-web-applications-security","b2b_product-web-security","b2b_product-wireless-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Weekly Vulnerability Recap - September 18, 2023<\/title>\n<meta name=\"description\" content=\"It wasn&#039;t just Microsoft making news last week; Adobe, Apple, Chrome, SAP and VMware also pushed out updates for critical vulnerabilities.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, 
max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Weekly Vulnerability Recap - September 18, 2023\" \/>\n<meta property=\"og:description\" content=\"It wasn&#039;t just Microsoft making news last week; Adobe, Apple, Chrome, SAP and VMware also pushed out updates for critical vulnerabilities.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2023-09-18T17:56:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-11-14T16:13:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/09\/esp_09182023-weekly-vulnerability-recap-september-18-2023.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1400\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Chad Kime\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chad Kime\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/\"},\"author\":{\"name\":\"Chad Kime\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9\"},\"headline\":\"Weekly Vulnerability Recap &#8211; September 18, 2023 &#8211; Patch Tuesday Also For Adobe, Apple and More\",\"datePublished\":\"2023-09-18T17:56:19+00:00\",\"dateModified\":\"2023-11-14T16:13:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/\"},\"wordCount\":897,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/09\/esp_09182023-weekly-vulnerability-recap-september-18-2023.png\",\"keywords\":[\"cloud security\",\"cybersecurity\",\"network security\",\"Patch Management\",\"ransomware\",\"security\",\"vulnerabilities\",\"Web security\"],\"articleSection\":[\"Threats\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/\",\"name\":\"Weekly Vulnerability Recap - September 18, 
2023\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/09\/esp_09182023-weekly-vulnerability-recap-september-18-2023.png\",\"datePublished\":\"2023-09-18T17:56:19+00:00\",\"dateModified\":\"2023-11-14T16:13:35+00:00\",\"description\":\"It wasn't just Microsoft making news last week; Adobe, Apple, Chrome, SAP and VMware also pushed out updates for critical vulnerabilities.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/09\/esp_09182023-weekly-vulnerability-recap-september-18-2023.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/09\/esp_09182023-weekly-vulnerability-recap-september-18-2023.png\",\"width\":1400,\"height\":900,\"caption\":\"Image: WrightStudio\/Adobe Stock\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Weekly Vulnerability Recap &#8211; September 18, 2023 &#8211; Patch Tuesday Also For Adobe, Apple and 
More\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9\",\"name\":\"Chad Kime\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg\",\"caption\":\"Chad Kime\"},\"description\":\"eSecurity Planet lead writer Chad Kime covers a variety of security, compliance, and risk topics. 
Before joining the site, Chad studied electrical engineering at UCLA, earned an MBA from USC, managed 200+ ediscovery cases, and helped market a number of IT and cybersecurity products, then transitioned into technical writing policies and penetration test reports for MSPs and MSSPs. In his free time, Chad enjoys walks on the beach with his wife, annoying his children, and trying to carve out time for movies, books, video games, and bike rides.\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/chad-kime\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Weekly Vulnerability Recap - September 18, 2023","description":"It wasn't just Microsoft making news last week; Adobe, Apple, Chrome, SAP and VMware also pushed out updates for critical vulnerabilities.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/","og_locale":"en_US","og_type":"article","og_title":"Weekly Vulnerability Recap - September 18, 2023","og_description":"It wasn't just Microsoft making news last week; Adobe, Apple, Chrome, SAP and VMware also pushed out updates for critical vulnerabilities.","og_url":"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/","og_site_name":"eSecurity Planet","article_published_time":"2023-09-18T17:56:19+00:00","article_modified_time":"2023-11-14T16:13:35+00:00","og_image":[{"width":1400,"height":900,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/09\/esp_09182023-weekly-vulnerability-recap-september-18-2023.png","type":"image\/png"}],"author":"Chad Kime","twitter_card":"summary_large_image","twitter_creator":"@eSecurityPlanet","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Chad Kime","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/"},"author":{"name":"Chad Kime","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9"},"headline":"Weekly Vulnerability Recap &#8211; September 18, 2023 &#8211; Patch Tuesday Also For Adobe, Apple and More","datePublished":"2023-09-18T17:56:19+00:00","dateModified":"2023-11-14T16:13:35+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/"},"wordCount":897,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/09\/esp_09182023-weekly-vulnerability-recap-september-18-2023.png","keywords":["cloud security","cybersecurity","network security","Patch Management","ransomware","security","vulnerabilities","Web security"],"articleSection":["Threats"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/","url":"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/","name":"Weekly Vulnerability Recap - September 18, 
2023","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/#primaryimage"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/09\/esp_09182023-weekly-vulnerability-recap-september-18-2023.png","datePublished":"2023-09-18T17:56:19+00:00","dateModified":"2023-11-14T16:13:35+00:00","description":"It wasn't just Microsoft making news last week; Adobe, Apple, Chrome, SAP and VMware also pushed out updates for critical vulnerabilities.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/#primaryimage","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/09\/esp_09182023-weekly-vulnerability-recap-september-18-2023.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/09\/esp_09182023-weekly-vulnerability-recap-september-18-2023.png","width":1400,"height":900,"caption":"Image: WrightStudio\/Adobe Stock"},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/threats\/weekly-vulnerability-recap-september-18-2023\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"Weekly Vulnerability Recap &#8211; September 18, 2023 &#8211; Patch Tuesday Also For Adobe, Apple and 
More"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for how to keep your business secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9","name":"Chad Kime","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg","caption":"Chad Kime"},"description":"eSecurity Planet lead writer Chad Kime covers a variety of security, compliance, and risk topics. 
Before joining the site, Chad studied electrical engineering at UCLA, earned an MBA from USC, managed 200+ ediscovery cases, and helped market a number of IT and cybersecurity products, then transitioned into technical writing policies and penetration test reports for MSPs and MSSPs. In his free time, Chad enjoys walks on the beach with his wife, annoying his children, and trying to carve out time for movies, books, video games, and bike rides.","url":"https:\/\/www.esecurityplanet.com\/author\/chad-kime\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/31898"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/271"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=31898"}],"version-history":[{"count":3,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/31898\/revisions"}],"predecessor-version":[{"id":32840,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/31898\/revisions\/32840"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media\/31900"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=31898"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=31898"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=31898"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=31898"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=31898"},{"taxonomy":"b2b_product"
,"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=31898"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}