Apple Releases Security Updates for Two Zero-Day Vulnerabilities

Citizen Lab reported a new zero-click iMessage exploit, FORCEDENTRY, that targets Apple's image rendering library. Apple has released security updates to address the zero-day vulnerabilities affecting its products.


Not long ago, the media was full of reports about Pegasus spyware from the Israeli company NSO Group being used to snoop on activists, journalists, politicians and senior government officials across the globe. A list of more than 50,000 people who were supposedly targeted was made public. An important aspect, beyond the spyware itself, was the vulnerability discovered in Apple products: Pegasus exploited it to infect iPhones, iPads, Apple Watches and Macs, gaining access to the camera and microphone and, with them, to the digital life of the device's owner.

The newly reported vulnerability was assigned CVE-2021-30860 and is described by Apple as "processing a maliciously crafted PDF may lead to arbitrary code execution." With iOS 14, Apple had added an iMessage sandbox called 'BlastDoor' to isolate the parsing of incoming message content and add an extra security layer to iMessage. The FORCEDENTRY exploit bypasses this feature and surreptitiously plants the spyware on the device without any interaction from the user.

The Vulnerabilities

The vulnerabilities, tracked as CVE-2021-30860 and CVE-2021-30858, allow maliciously crafted documents and web pages to execute arbitrary code when they are opened on vulnerable devices.

CVE-2021-30860 is an integer overflow in CoreGraphics, discovered by Citizen Lab, that allows a maliciously crafted PDF to execute arbitrary code when it is processed on iOS or macOS.

CVE-2021-30858 is a use-after-free vulnerability in WebKit that lets an attacker craft a web page that executes arbitrary code when a user visits it from an iPhone or a Mac.

In an urgent advisory, Apple urged its customers to install the latest software updates, iOS 14.8, iPadOS 14.8, macOS Big Sur 11.6 and watchOS 7.6.2, for the fixes to take effect.

With iOS 15 about to ship, the company is expected to add further security features to harden its devices against this kind of spyware intrusion.

Microsoft to Launch Enforcement Mode to Address Critical “Zerologon” Flaw

Microsoft has alerted security admins that it is enabling Domain Controller enforcement mode by default to address a critical Remote Code Execution (RCE) vulnerability dubbed "Zerologon" that affects the Netlogon protocol. The new mode, which will be rolled out with the upcoming security update on February 9, 2021, will block vulnerable Netlogon connections from non-compliant devices.

“Domain Controller enforcement mode requires that all Windows and non-Windows devices use secure Remote Procedure Call (RPC) with Netlogon secure channel unless customers have explicitly allowed the account to be vulnerable by adding an exception for the non-compliant device,” Microsoft said.

Zerologon – A Widely Unpatched Flaw

Zerologon (CVE-2020-1472), rated 10.0 on CVSSv3, is a privilege escalation flaw in the Windows Netlogon Remote Protocol (MS-NRPC) that Microsoft patched in its August 2020 Patch Tuesday release. The flaw is cryptographic: Netlogon's ComputeNetlogonCredential function encrypts the client challenge with AES-CFB8 using a fixed all-zero initialization vector, so an all-zero client credential is accepted for roughly one in 256 session keys, and an attacker simply retries until it is. An unauthenticated attacker who can reach a domain controller's Netlogon RPC interface can use this to take over the domain controller, and with it the Windows domain. Because the attacker needs network access to the domain controller, the bug cannot be exploited directly from the internet unless the domain controller is exposed there.
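The following is an added example, not code from the article or from Microsoft, showing why the zero-IV CFB8 construction described above fails. It implements CFB8 mode and a ComputeNetlogonCredential-style function (the name is taken from the MS-NRPC specification; the function here is a model, not Microsoft's implementation) and measures how often an all-zero challenge produces an all-zero credential. Assumption: a keyed PRF built from HMAC-SHA256 stands in for AES-128 so the example runs without a crypto library; CFB mode only ever calls the forward direction of the cipher, and the weakness does not depend on which cipher is used. The example talks to no server and derives its test keys from a fixed seed.

```python
"""Zerologon root cause: CFB8 with a fixed all-zero IV accepts a zero credential 1/256 of the time."""
import hashlib
import hmac
import os

BLOCK = 16  # block size of AES-128, the cipher MS-NRPC specifies for the AES credential flavour


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """One block-cipher encryption. ASSUMPTION: HMAC-SHA256 truncated to 16 bytes stands in
    for AES-128 so this runs with the standard library only; CFB never needs decryption."""
    assert len(block) == BLOCK
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB8: each plaintext byte is XORed with the first byte of E_K(shift register); the
    register is then shifted left by one byte and the ciphertext byte is appended to it."""
    register = bytearray(iv)
    out = bytearray()
    for p in plaintext:
        keystream_byte = block_encrypt(key, bytes(register))[0]
        c = p ^ keystream_byte
        out.append(c)
        register = register[1:] + bytes([c])
    return bytes(out)


def compute_netlogon_credential(session_key: bytes, challenge: bytes) -> bytes:
    """Model of ComputeNetlogonCredential (MS-NRPC, AES flavour): the 8-byte challenge is
    encrypted with AES-128-CFB8 under the session key using a FIXED IV of 16 zero bytes.
    That fixed zero IV is the Zerologon bug."""
    return cfb8_encrypt(session_key, bytes(BLOCK), challenge)[:8]


def zero_challenge_succeeds(session_key: bytes) -> bool:
    """The attacker sends an all-zero client challenge and an all-zero client credential.
    The server accepts when ComputeNetlogonCredential(key, 0^8) == 0^8. With IV = 0 and
    plaintext = 0 this happens exactly when the first byte of E_K(0^16) is 0x00: the shift
    register then never changes, so every keystream byte is that same 0x00."""
    return compute_netlogon_credential(session_key, bytes(8)) == bytes(8)


def first_keystream_byte_is_zero(session_key: bytes) -> bool:
    """The structural condition behind zero_challenge_succeeds, checked independently."""
    return block_encrypt(session_key, bytes(BLOCK))[0] == 0


def demo_key(i: int, seed: bytes = b"zerologon-demo") -> bytes:
    """Deterministic stand-in for the unknown session key of the i-th authentication attempt."""
    return hashlib.sha256(seed + i.to_bytes(4, "big")).digest()[:16]


def attack_success_rate(trials: int) -> float:
    """Fraction of attempts (each with a fresh session key, as in a real retry loop) that the
    server would accept. Expected value is 1/256, i.e. about 256 attempts on average."""
    hits = sum(1 for i in range(trials) if zero_challenge_succeeds(demo_key(i)))
    return hits / trials


if __name__ == "__main__":
    rate = attack_success_rate(4096)
    print(f"zero credential accepted for {rate:.4f} of attempts (1/256 = {1 / 256:.4f})")
    # Contrast: with a random IV, as CFB8 requires, there is no fixed point to exploit.
    print("random-IV output:", cfb8_encrypt(os.urandom(16), os.urandom(16), bytes(8)).hex())
```

The retry loop is what makes the bug practical: the server never locks the attacker out, each attempt gets a fresh session key, and an average of 256 attempts takes seconds. Once a zero credential is accepted, the attacker holds an authenticated Netlogon channel as the domain controller's own machine account, which is the foothold the article describes.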

However, the Cybersecurity and Infrastructure Security Agency (CISA) stated that several publicly released proof-of-concept exploits caused widespread concern across the industry, and the bug remained unpatched in many government agencies. In an emergency directive, the agency required agencies to update all Windows Servers with the domain controller role in any information system that collects, processes, stores, transmits, disseminates, or maintains agency information.

Microsoft advised security admins and organizations to update their Domain Controllers with the August 11, 2020, security update, monitor the event logs to find out which devices are still making vulnerable connections, and then enable Domain Controller enforcement mode to address the Zerologon flaw. In addition, the tech giant stated, "Organizations that deploy Microsoft Defender for Identity or Microsoft 365 Defender can detect adversaries as they try to exploit this specific vulnerability against their domain controllers."
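As an added example of the "monitor event logs" step above (not code from the article or from Microsoft), the script below triages the Netlogon events that the August 11, 2020 update added to the System log on patched domain controllers: 5827 and 5828 (vulnerable connection denied, machine and trust account), 5829 (vulnerable connection allowed, logged before enforcement), and 5830 and 5831 (vulnerable connection allowed because of a group policy exception). The input is a constructed pipe-delimited export (timestamp, event ID, message); the message field names are modelled on those events, and the machine names and IP addresses are invented. It groups events by account and says what has to happen to each device before enforcement mode turns on.

```python
"""Triage Netlogon events 5827-5831 to find devices still making vulnerable connections."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Event IDs Microsoft added with the August 11, 2020 update (System log, source Netlogon).
NETLOGON_EVENTS = {
    5827: "denied (machine account)",
    5828: "denied (trust account)",
    5829: "allowed, vulnerable (will be denied under enforcement mode)",
    5830: "allowed by group policy exception (machine account)",
    5831: "allowed by group policy exception (trust account)",
}

# Constructed sample export, one event per line: "timestamp|event id|message".
# Field names follow the real event messages; hosts and addresses are invented.
SAMPLE_EXPORT = """\
2021-01-28T08:02:11|5829|The Netlogon service allowed a vulnerable Netlogon secure channel connection. Machine SamAccountName: PRINTSRV01$; Domain: CORP; Machine Operating System: Windows Server 2008 R2; Client IP Address: 10.10.4.22
2021-01-28T08:07:45|5829|The Netlogon service allowed a vulnerable Netlogon secure channel connection. Machine SamAccountName: PRINTSRV01$; Domain: CORP; Machine Operating System: Windows Server 2008 R2; Client IP Address: 10.10.4.22
2021-01-28T09:15:02|5829|The Netlogon service allowed a vulnerable Netlogon secure channel connection. Machine SamAccountName: NAS-LEGACY$; Domain: CORP; Machine Operating System: Linux; Client IP Address: 10.10.9.8
2021-01-28T09:20:40|5830|The Netlogon service allowed a vulnerable Netlogon secure channel connection because the machine account is allowed by group policy. Machine SamAccountName: NAS-LEGACY$; Domain: CORP; Client IP Address: 10.10.9.8
2021-01-28T10:01:13|5827|The Netlogon service denied a vulnerable Netlogon secure channel connection from a machine account. Machine SamAccountName: KIOSK07$; Domain: CORP; Client IP Address: 10.10.7.31
2021-01-28T10:03:55|5805|The session setup from the computer WS-SALES12 failed to authenticate.
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\|(?P<id>\d+)\|(?P<msg>.*)$")
ACCOUNT_RE = re.compile(r"SamAccountName: ([^;]+)")   # matches machine and trust accounts
IP_RE = re.compile(r"Client IP Address: (\S+)")
OS_RE = re.compile(r"Machine Operating System: ([^;]+)")


@dataclass
class AccountReport:
    events: Counter = field(default_factory=Counter)  # event id -> count
    ips: set = field(default_factory=set)
    os_name: str = ""
    last_seen: str = ""


def triage(export: str) -> dict:
    """Group the Netlogon 5827-5831 events by account; unrelated events are ignored."""
    report: dict = {}
    for line in export.splitlines():
        m = LINE_RE.match(line)
        if not m or int(m["id"]) not in NETLOGON_EVENTS:
            continue
        acct = ACCOUNT_RE.search(m["msg"])
        if not acct:
            continue
        r = report.setdefault(acct.group(1).strip(), AccountReport())
        r.events[int(m["id"])] += 1
        if ip := IP_RE.search(m["msg"]):
            r.ips.add(ip.group(1))
        if os_ := OS_RE.search(m["msg"]):
            r.os_name = os_.group(1).strip()
        r.last_seen = max(r.last_seen, m["ts"])
    return report


def classify(report: dict) -> dict:
    """Decide what each account needs before Domain Controller enforcement mode is on."""
    actions = {}
    for acct, r in report.items():
        if 5827 in r.events or 5828 in r.events:
            actions[acct] = "already denied: patch the device or add a deliberate exception"
        elif 5830 in r.events or 5831 in r.events:
            actions[acct] = "excepted by policy: review whether the exception is still justified"
        else:  # only 5829 seen
            actions[acct] = "will be denied under enforcement mode: patch or except it first"
    return actions


if __name__ == "__main__":
    rep = triage(SAMPLE_EXPORT)
    for acct, action in classify(rep).items():
        r = rep[acct]
        print(f"{acct:14} {dict(r.events)} {sorted(r.ips)} {r.os_name or '?':24} -> {action}")
```

The 5829 accounts are the ones that silently stop working on February 9, 2021: they are still allowed today only because enforcement mode is off. Accounts that already log 5827 or 5828 are being denied by the patched domain controller, and accounts with 5830 or 5831 are known exceptions that deserve a review, since each one is a device that the domain still trusts to use the vulnerable channel.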

Vulnerability Alert: NCSC Warns U.K. Organizations About SharePoint Flaw

The National Cyber Security Centre (NCSC) in the U.K. has warned about a new remote code execution vulnerability (CVE-2020-16952) that affects Microsoft's SharePoint products. In a security advisory, the agency stated that the vulnerability exists because user-supplied data is not properly validated, which could allow an attacker to run arbitrary code and obtain administrative access on affected installations of SharePoint Server.

"This vulnerability can be exploited when a user uploads a specially crafted SharePoint application package to an affected version of SharePoint," the NCSC said.

The affected versions include:

  • Microsoft SharePoint Foundation 2013 Service Pack 1
  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Server 2019

Although the NCSC has observed multiple exploitations of SharePoint vulnerabilities, it clarified that SharePoint Online, which is part of Office 365, is not affected by this flaw.

Mitigation Measures

The agency recommended that users apply the security updates to prevent exploitation of the vulnerability and remediate the affected SharePoint products. It also listed protective measures that mitigate other vulnerabilities, such as:

  • Protect your devices and networks by keeping them up-to-date. Use the latest supported versions, apply security updates promptly; use antivirus and scan regularly to guard against known malware threats.
  • Prevent and detect lateral movement in your organization’s
  • Set up a security monitoring capability so you are collecting the data that will be needed to analyze network intrusions.
  • Review and refresh your incident management processes.
