/jcloud.no/www/article/2023/09_security_update/index.html - jorgen

JCloud security update, September 2023

Multiple critical security vulnerabilibites in software from different vendors have been published since last update. Some of them are or could be closely related to JCloud services. Security information about these products are therefore published in this article.

JCloud do NOT use the following products, neither in infrastructure nor by its employees, and is therefore NOT vulnerable to any published security vulnerabilities in:

Cisco products
Citrix products
Juniper products
Microsoft products
MobileIron products
Google poducts

JCloud use the following products, but were NOT affected by the security vulnerabilities.

Apple Safari

CVE-2023-4863. Libwebp developed by Google

iOS - Employees use Lockdown mode causing devices to be unaffected.
Mac OS X - Not used

Firefox

CVE-2023-4863. Libwebp developed by Google

Webp is disabled by default. Per ISO compliance, employees are behind a WAF reducing the attack surface.

2023-09-13