Black Arrow Cyber Advisory 12 February 2025 – Comprehensive Security Updates from Microsoft, Adobe, Apple, and More
Executive Summary
Microsoft’s Patch Tuesday for February 2025 included 63 security updates for its product line, including 2 actively exploited zero-day vulnerabilities. Several other major software and hardware vendors released critical security updates this month to address vulnerabilities that could be exploited by attackers.
Ivanti patched several critical flaws within its Connect Secure and Policy Secure products. Apple issued patches for its iOS and iPadOS devices to address a USB vulnerability that could allow for data exfiltration. Adobe provided updates addressing 45 vulnerabilities for several products, including InDesign, Commerce, Magento, Substance, Photoshop Elements, and Illustrator.
Fortinet published nine security advisories with updates addressing high, medium, and low severity security issues. They also updated a previous advisory from January with additional information and reference to CVE-2025-24472, which Arctic Wolf had previously highlighted in their breakdown of the attack pattern against Fortinet Fortigate Firewalls since November 2024.
OpenSSL released patches to address a vulnerability related to raw public keys, introduced with OpenSSL 3.2. Patches were released within versions 3.4.1, 3.3.2, and 3.2.4 to address the issue. As OpenSSL is utilised by many vendors, it may take some time for the updates to propagate to affected products.
SAP released 19 new security notes, including high, medium, and low vulnerabilities addressed by security patches. Zyxel recently released a security advisory on three reported vulnerabilities, informing customers to replace affected devices as they have reached end of life and are no longer supported.
Additionally, Intel, AMD, and Nvidia published new security advisories addressing high-severity vulnerabilities in their products. Intel released 34 security advisories across their product line, including a critical issue in their Server Board BMC Firmware. AMD released 11 security bulletins which included firmware patches for several high-severity vulnerabilities affecting their embedded processors. Nvidia issued four advisories for vulnerabilities within their Container, Triton, Jetson, and JPEG2000 products.
What’s the risk to me or my business?
The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and the organisations data on the affected systems.
What can I do?
Black Arrow recommends applying the available security updates for all supported versions of products that have been impacted by the various vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and all other vulnerabilities that have a critical or high severity ratings.
Microsoft
Further details on specific updates within this Microsoft patch Tuesday can be found here:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Feb
Ivanti, Apple, Adobe, Fortinet, OpenSSL, SAP, Zyxel, Intel, AMD & Nvidia
Further details of the vulnerabilities in affected Ivanti, Apple, Adobe, Fortinet, OpenSSL, SAP, Zyxel, Intel, AMD and Nvidia products can be found here:
https://www.ivanti.com/blog/february-security-update
https://support.apple.com/en-us/100100
https://helpx.adobe.com/security/security-bulletin.html
https://fortiguard.fortinet.com/psirt
https://openssl-library.org/news/secadv/20250211.txt
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/february-2025.html
https://www.intel.com/content/www/us/en/security-center/default.html
https://www.amd.com/en/resources/product-security.html
https://www.nvidia.com/en-us/security/
#threatadvisory #threatintelligence #cybersecurity