Pulse Secure VPNs Get New Urgent Update for Poorly Patched Critical Flaw.


To address an insufficient patch for an actively exploited hole, Pulse Secure has released a fix for a major postauthentication remote code execution (RCE) vulnerability in its Connect Secure virtual private network (VPN) appliances.

An uncontrolled archive extraction vulnerability in the Pulse Connect Secure appliance allows an attacker to overwrite arbitrary files, resulting in Remote Code Execution as root.

Read More…