Security vendor Sophos has released an update for the software used on its Web gateway security appliance in order to address three serious vulnerabilities in the product's Web-based user interface. The vulnerabilities could allow attackers to gain access to configuration files containing sensitive information like plaintext passwords for other internal network services, execute commands as a highly privileged system user and launch phishing attacks against users of the appliance.