Anyone can pretend to be your Windows IT support and take command of staff devices
But wait, there's more! Workspace ONE Assist is also afflicted with a 6.4-rated cross-site scripting vulnerability that – thanks to improper user input sanitization – can be exploited, with some user interaction, to inject and run malicious JavaScript code in the victim's window.
There's also CVE-2022-31689 to worry about – a 4.2-rated vuln that enables a malicious actor who obtains a valid session token to authenticate to the application using that token. These flaws apply to versions 21.x and 22.x of Workspace ONE Assist. Version 21.x appears to have debuted in early 2021, while the 22.x series emerged in March 2022.
Version 22.10 clears up all of the above messes, adds a few features, and tidies up some other issues. It's yours for the downloadingVMware hat-tipped Jasper Westerman, Jan van der Put, Yanick de Pater, and Harm Blankers of REQON IT-Security for discovering and reporting the security weaknesses. In happier news for Virtzilla, the company has announced that its cloudy wares are now available through HPE's GreenLake ITaaS platform, plus – irony alert – a"
Danmark Seneste Nyt, Danmark Overskrifter
Similar News:Du kan også læse nyheder, der ligner denne, som vi har indsamlet fra andre nyhedskilder.
VMware suggests 'Sovereign SaaS' for simpler complianceReveals closer ties to Equinix and Wipro as Broadcom finds new ways to promise peace
Læs mere »
Closing windows to keep warm this winter 'increases health risk'As the cost of living crisis continues to hit families across the UK, a leading academic has urged people to take steps to protect their health ❄️😷
Læs mere »
Glasgow vandals smash 50 primary school windows in 'outrageous' attacksA police inspector said the school is on their radar while a councillor said it cannot go on.
Læs mere »
Microsoft tests 'upsell' ads in Windows 11 sign-out menuMicrosoft tests 'upsells' of its products in Windows 11 sign-out menu
Læs mere »