Executive summary

Apple, Google, ownCloud and Zoom have all addressed vulnerabilities in their products which could be exploited by an attacker. The vulnerabilities could lead to remote code execution. The vulnerabilities impacting Google and ownCloud are actively being exploited by malicious actors.

Apple

Two new Zero-Days impacting Apples WebKit Browser were fixed in emergency updates. The two vulnerabilities allow attackers to gain access to sensitive information via an out-of-bounds read weakness and gain arbitrary code execution via maliciously crafted webpages.

Google Chrome

Google has addressed several vulnerabilities, including one actively exploited zero-day. The actively exploited zero-day is caused by a weakness within the Skia open-source 2D graphics library and can lead to remote execution. The vulnerability has been recorded as actively exploited.

ownCloud

Three vulnerabilities in the open-source file sharing software, ownCloud could disclose sensitive information and allow an attacker to modify files, if exploited. As a fix, ownCloud is recommending to delete the "owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php" file and disable the 'phpinfo' function. It is also advising users to change secrets like the ownCloud admin password, mail server and database credentials, and Object-Store/S3 access keys. One of the vulnerabilities has already been recorded as being actively exploited by malicious actors

Zoom

A vulnerability in Zoom could allow threat actors to take over meetings and steal data has been patched. Research has stated that the flaw was first discovered in June 2023. There are no reports of active exploitation in the wild at this time.

Zyxel

Zyxel have documented multiple security flaws in a range of products, including firewalls, access points and network attached storage (NAS) Devices, warning that unpatched devices are at risk of authentication bypass, command injection and denial-of-service attacks.

What’s the risk to me or my business?

There is a risk that that running unpatched versions of the above products will leave users at open to having the confidentiality, integrity and availability of their information compromised.

What can I do?

Black Arrow recommends organisations check whether they are running vulnerable versions of the above products, and if so, these should be updated to patched versions. Further information can be found below.

Further information about the Apple vulnerabilities can be found here:

https://www.bleepingcomputer.com/news/apple/apple-fixes-two-new-ios-zero-days-in-emergency-updates/

https://support.apple.com/en-gb/HT214031

https://support.apple.com/en-gb/HT214033

further information about the Google vulnerabilities can be found here:

https://thehackernews.com/2023/11/zero-day-alert-google-chrome-under.html

https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html

Further information about the ownCloud vulnerabilities can be found here:

https://thehackernews.com/2023/11/warning-3-critical-vulnerabilities.html

https://owncloud.com/security-advisories/subdomain-validation-bypass/

https://owncloud.com/security-advisories/webdav-api-authentication-bypass-using-pre-signed-urls/

https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/

Further information about the Zoom vulnerabilities can be found here:

https://www.hackread.com/zoom-vulnerability-hackers-hijack-meetings-data/

Further information about the Zyxel vulnerabilities can be found here:

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Executive Summary

Apple have released emergency updates to patch two zero-day vulnerabilities, including one actively exploited vulnerability, which target iPhone and iPad devices. The vulnerabilities allow an attacker to escalate privileges and perform remote code execution.

What’s the risk to me or my business?

Exploitation allows an attacker to elevate their privileges to the highest available and perform code execution. This allows attackers to perform actions such as extracting messages, photos, emails, and recording calls, impacting the confidentiality, integrity and availability of data.

Patches are available for:

• iPhone XS and later

• iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Technical Summary:

CVE-2023-42824- A kernel vulnerability allowing local attackers to escalate privileges on vulnerable iPhones and iPads. This vulnerability has been exploited against versions of iOS before 16.6.

CVE-2023-5217 – A heap buffer overflow weakness in libvpx which could allow code execution.

What can I do?

Users are recommended the apply the patches immediately, due to the active exploitation in the wild. Organisations should also be aware that the patches mean employees using Apple BYOD devices will need to apply the relevant patches, as this impacts corporate information which the devices have access to.

Further information can be found below:

https://support.apple.com/en-gb/HT213961  

Executive Summary

Mandiant recently published their report on zero-day attacks in 2022. A zero-day attack is an attack that relates to a previously unknown vulnerability and for the third year running, Microsoft, Google and Apple were the most frequently targeted by zero-day attacks. The most exploited avenues of attack were operating systems and browsers.

What’s the risk to me or my business?

A significant number of users include Microsoft, Google and or Apple as part of their supply chain and must therefore be aware of vulnerabilities in these vendors. It is not unusual for an exploited zero-day vulnerability to have a delay between the time it is discovered and the time it is patched; although sometimes a workaround is released in the meantime. The delay between disclosure and patching can potentially contribute to many systems remaining unpatched for months and workarounds can create a false sense of security during this period. An unpatched system leaves an organisation’s data at risk from compromise.

What can I do?

It is increasingly important for organisations to efficiently and effectively prioritise their patching and understand their part in the process; this should include organisations being aware of which systems are awaiting a patch, and of these, which are critical. Organisations who use SaaS solutions typically benefit from the vendor deploying patches but organisations should not become complacent and should, where appropriate, seek assurance that systems are indeed patched up to date.

To be more cyber resilient, organisations should make use of threat intelligence as part of their attack surface management and understanding of actively exploited vulnerabilities.

The report conducted by Mandiant can be found here: https://www.mandiant.com/resources/blog/zero-days-exploited-2022

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity