Security Patch Catch-All

Modern operating systems do a pretty good job of keeping themselves up to date nowadays. Many applications will also update themselves or notify you when it's necessary.

There's plenty of other popular software and hardware that still needs this done manually. Or maybe the auto-update feature was particularly annoying and you turned it off.

If you think there's a patch or vulnerability you should let the GWJ community know about, this is the place for it. Deep-dive discussions about something major like Spectre/Meltdown should go into its own thread, but new patch releases for it would still be appropriate here.

Open to all OSes and platforms (phones, wireless routers, etc.) that you think might impact your fellow forum-goers.

I'll start it off: a new Nvidia patch was released yesterday that addresses several CVEs. No remote exploits, but one is a local privilege escalation.

https://nvidia.custhelp.com/app/answers/detail/a_id/5142

If you're one of the people that avoid the GeForce Experience app due to its bloat, you should update your driver soon. Some of these apply to the Linux driver as well.

*nix (including macOS): Patch your sudo.

Very easy local privilege escalation. Even if you're not running a multi-user system, all it takes is adding a weak password or unprivileged remote access exploit. Works in 1.8 and 1.9 versions if /etc/sudoers is present.

iOS devices have an active exploit that Apple just released a security patch for. Update to iOS 14.4 or iPadOS 14.4.

It'd be hard to miss this, but if you're running a server with Exim, make sure it's patched ASAP.

https://www.qualys.com/2021/05/04/21...

Holy cow, I had no idea Exim was that bad. I use Postfix, myself, and now I fear what these researchers may find if they ever get around to looking. It was written very carefully, but it's like 25 years old now.

Exim is the default Debian mail server, so be sure to stay on top of updates if you're running that OS and haven't installed another mail program.

Doh! When I forget to add updates to a thread I started....

iOS updates were released a couple of days ago for actively-exploited vulnerabilities: https://arstechnica.com/gadgets/2021/05/apple-reports-2-ios-0days-that-let-hackers-compromise-fully-patched-devices/