




April Patch Tuesday: Critical Vulnerabilities Hit SAP, Adobe, Microsoft, and Fortinet
April's Patch Tuesday cycle arrived with a large volume of security updates that fix vulnerabilities in many important enterprise systems. At the top of the list are critical vulnerabilities in SAP, Adobe, Fortinet, and Microsoft, some of which are being exploited in the wild by hackers.
TL;DR (summary)
- SAP: A near-perfect CVSS score (9.9) for a SQL injection vulnerability in Business Warehouse and BPC.
- Adobe: Reports of exploitation of a zero-day in Acrobat Reader; many critical vulnerabilities were also fixed in ColdFusion.
- Microsoft: Released 169 patches, including a spoofing bug in SharePoint Server that is being exploited right now.
- Fortinet: Critical vulnerabilities in FortiSandbox that let hackers bypass authentication and perform OS command injection.
SAP: Critical SQL Injection (CVSS 9.9)
The most serious vulnerability in this month's cycle affects SAP Business Planning and Consolidation (BPC) and SAP Business Warehouse (BW). The bug is tracked as CVE-2026-27681, and this SQL injection has a CVSS score of 9.9.
According to the security firm Onapsis, the vulnerability lies in an ABAP program that lets anyone with low privileges upload a file containing SQL commands. As soon as the file is uploaded, the system executes it. If the flaw is exploited, the hacker can:
- Extract sensitive company data.
- Delete or corrupt database content.
- Tamper with planning figures and financial reports.
Experts at Pathlock warn that this vulnerability creates "a clear path to silent data theft and service disruption," which could hit executive reporting and company planning.
Adobe: Active Exploitation and Risk in ColdFusion
Adobe fixed a critical remote code execution (RCE) vulnerability in Adobe Acrobat Reader (CVE-2026-34621, CVSS 8.6). What is alarming is that this vulnerability has been confirmed as exploited in the wild. So far, it is still not known who the hackers are, who their targets are, or how large the campaign is.
In addition, Adobe fixed 5 critical vulnerabilities in ColdFusion (versions 2025 and 2023). These vulnerabilities can lead to arbitrary code execution, denial of service (DoS), and reading of system files. Among these CVEs:
- CVE-2026-27304 (CVSS 9.3): An input validation issue that leads to RCE.
- CVE-2026-34619 (CVSS 7.7): A path traversal that lets the hacker bypass security features.
Microsoft: 169 Issues and Active Exploitation
There is a lot to say about Microsoft's April update, which ships patches for 169 issues. The most worrying is CVE-2026-32201 (CVSS 6.5), a spoofing vulnerability in Microsoft SharePoint Server that is being exploited right now.
Although Microsoft has not given full details on how the bug is being exploited, security researchers are stressing the risk. Kev Breen of Immersive said that SharePoint servers are "treasure troves" for data theft and ransomware. On top of that, if SharePoint is compromised, it can be used to host "booby-trapped documents" in order to move on to other systems in the company.
Fortinet: FortiSandbox Under Fire
Fortinet released important updates for its FortiSandbox product to fix two critical vulnerabilities with a CVSS score of 9.1:
- CVE-2026-39813: A path traversal in the JRPC API that lets hackers bypass authentication via crafted HTTP requests. (Fixed in versions 4.4.9 and 5.0.6.)
- CVE-2026-39808: An OS command injection vulnerability that lets arbitrary code be executed via HTTP requests. (Fixed in version 4.4.9.)
General Industry Updates
Beyond these major items, many other companies released updates or advisories in recent weeks. They include major cloud providers such as AWS and Google Cloud, hardware makers such as AMD, Intel, and NVIDIA, and infrastructure companies such as Cisco, Citrix, and VMware.
Conclusion
April's Patch Tuesday highlights a new risk of zero-day exploitation targeting file readers and shared platforms such as SharePoint. System administrators should prioritize the patch for the SAP SQL injection because of its high score, and the updates for Adobe Acrobat and Microsoft SharePoint because they are under attack right now.
Source: The Hacker News - April Patch Tuesday Fixes Critical Flaws