WordPress, Apple and OpenOffice release multiple security updates
WordPress has released version 4.8.3, a security release for all previous versions; updating sites immediately is strongly recommended. WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries, leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability.
Apple just released iOS 11.1 and macOS High Sierra 10.13.1, which include a variety of fixes, over 70 new emojis, and numerous security updates. Also released today are new updates for tvOS, watchOS, Safari, iTunes and iCloud.
Included in these security updates are the anticipated fixes for the WPA2 KRACK vulnerabilities, which were announced in the middle of October.
Researchers at Cisco Talos have discovered three vulnerabilities in Apache OpenOffice that can be exploited by malicious actors for remote code execution using specially crafted document files. The security holes, tracked as CVE-2017-9806, CVE-2017-12607 and CVE-2017-12608, affect the WW8Fonts and ImportOldFormatStyles components of the Writer application, and the PPTStyleSheet functionality in the Draw application. An attacker can create special documents that trigger an out-of-bounds write, which can be leveraged to cause the application to enter a denial-of-service (DoS) condition and crash, or to execute arbitrary code. The vulnerabilities affect Apache OpenOffice versions 4.1.3 and prior, along with OpenOffice.org. Patches are included in version 4.1.4.