ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ22ÖÜ

Ðû²¼Ê±¼ä 2020-06-01

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê05ÔÂ25ÈÕÖÁ05ÔÂ31ÈÕ¹²ÊÕ¼Çå¾²Îó²î58¸ö£¬ÖµµÃ¹Ø×¢µÄÊÇTrendMicro InterScan Web Security Virtual Appliance LogSettingHandlerÏÂÁî×¢ÈëÎó²î; IBM Security Identity Governance and IntelligenceδÊÚȨÏÂÁîÖ´ÐÐÎó²î£»Apple macOS Catalina FontParser´úÂëÖ´ÐÐÎó²î£»Inductive Automation Ignition·´ÐòÁл¯´úÂëÖ´ÐÐÎó²î£»Ubiquiti Networks AirOS OSÏÂÁî×¢ÈëÎó²î¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊÇÃÀ¹úCISA¡¢DOEºÍÓ¢¹úµÄNCSCÍŽáÐû²¼¡¶ICSÍøÂçÇå¾²×î¼Ñʵ¼ù¡·£»ºÚ¿Í×éÖ¯Maze¹¥»÷¸ç˹´ïÀè¼ÓÒøÐУ¬ÇÔÈ¡ÆäÐÅÓÿ¨ÐÅÏ¢£»Ì©¹úÒƶ¯ÔËÓªÉÌAIS±£´æÇå¾²ÎÊÌ⣬й¶83ÒÚÌõÓû§¼Í¼£»AndroidÎó²îStrandHogg 2.0±»Åû¶£¬Ó°ÏìÁè¼Ý10ÒŲ́װ±¸£»AppleÐû²¼Çå¾²¸üУ¬ÐÞ¸´macOSºÍSafariÖÐ50¶àÎó²î¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬±¾ÖÜÇå¾²ÍþвΪÖС£



>Ö÷ÒªÇå¾²Îó²îÁбí


1.Trend Micro InterScan Web Security Virtual Appliance LogSettingHandlerÏÂÁî×¢ÈëÎó²î


Trend Micro InterScan Web Security Virtual Appliance LogSettingHandlerÀàÆÊÎömount_device²ÎÊýʱ±£´æÊäÈëÑéÖ¤Îó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ÉÖ´ÐÐí§ÒâÏÂÁî¡£

https://www.zerodayinitiative.com/advisories/ZDI-20-676/


2. IBM Security Identity Governance and IntelligenceδÊÚȨÏÂÁîÖ´ÐÐÎó²î


IBM Security Identity Governance and Intelligence±£´æÇå¾²Îó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ÉδÊÚȨִÐÐÏÂÁî¡£

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4231/


3. Apple macOS Catalina FontParser´úÂëÖ´ÐÐÎó²î


Apple macOS Catalina FontParser±£´æÇå¾²Îó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄPDFÎļþÇëÇ󣬿ÉÔ½½çд£¬ÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£

https://support.apple.com/zh-cn/HT211170


4. Inductive Automation Ignition·´ÐòÁл¯´úÂëÖ´ÐÐÎó²î


Inductive Automation Ignition±£´æ·´ÐòÁл¯Îó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ÉÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£

https://www.us-cert.gov/ics/advisories/icsa-20-147-01


5. Ubiquiti Networks AirOS OSÏÂÁî×¢ÈëÎó²î


Ubiquiti Networks AirMax AirOS±£´æÊäÈëÑéÖ¤Îó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿É×¢Èëí§ÒâÏÂÁî²¢Ö´ÐС£

https://community.ui.com/releases/Security-advisory-bulletin-011-011/d0d411a5-6dcb-4988-9709-d57f50957261



> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢ÃÀ¹úCISA¡¢DOEºÍÓ¢¹úµÄNCSCÍŽáÐû²¼¡¶ICSÍøÂçÇå¾²×î¼Ñʵ¼ù¡·


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.us-cert.gov/ncas/current-activity/2020/05/22/cisa-doe-and-uks-ncsc-issue-guidance-protecting-industrial-control


2¡¢ºÚ¿Í×éÖ¯Maze¹¥»÷¸ç˹´ïÀè¼ÓÒøÐУ¬ÇÔÈ¡ÆäÐÅÓÿ¨ÐÅÏ¢



ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/hackers-leak-credit-card-info-from-costa-ricas-state-bank/


3¡¢Ì©¹úÒƶ¯ÔËÓªÉÌAIS±£´æÇå¾²ÎÊÌ⣬й¶83ÒÚÌõÓû§¼Í¼


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://techcrunch.com/2020/05/24/thai-billions-internet-records-leak/


4¡¢AndroidÎó²îStrandHogg 2.0±»Åû¶£¬Ó°ÏìÁè¼Ý10ÒŲ́װ±¸


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/critical-android-bug-lets-malicious-apps-hide-in-plain-sight/


5¡¢AppleÐû²¼Çå¾²¸üУ¬ÐÞ¸´macOSºÍSafariÖÐ50¶àÎó²î


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.securityweek.com/apple-patches-over-40-vulnerabilities-macos-catalina