
Weekly threat roundup: Fortinet, Apple Mail, AMD Zen 3 CPUs

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Three Fortinet FortiOS vulnerabilities under attack

The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert last week warning businesses that hackers are scanning vulnerable Fortinet systems to gain access to corporate networks.

FortiOS, the software powering Fortinet’s security products, contains three flaws tracked as CVE-2018-13379, CVE-2020-12812 and CVE-2019-5591. Although all three have been patched in the past, security agencies have recently detected an uptick in the number of cyber criminals exploiting them, largely because a handful of organisations have not yet applied the fixes.

The first and second flaws, each rated 9.8 on the CVSS threat severity scale, are a path traversal vulnerability and improper authentication issue, both affecting the FortiOS SSL VPN component. Hackers can exploit these bugs to download system files through HTTP requests, and also log in without being prompted for two-factor authentication (2FA) if they change the case of the username. The third is a default configuration issue in FortiOS 6.2.0, which can allow attackers to intercept sensitive data.
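The 2FA bypass described above belongs to a broader bug class: the username is canonicalised for the credential check but not for the policy lookup, so a differently cased name misses its 2FA record and is treated as not enrolled. The following is an added illustration of that class with a hardened form beside it; it is hypothetical example code with a constructed user directory, not FortiOS or Fortinet code, and the user, password and function names are invented.

```python
# Added example: inconsistent username normalisation between the password
# check and the 2FA policy lookup, and the hardened form. Hypothetical code,
# not taken from FortiOS or any vendor; the user store below is constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    username: str
    password: str            # plaintext only for this self-contained demo
    two_factor_enrolled: bool


# Constructed sample directory, keyed by the canonical (casefolded) username.
USERS = {
    "alice": User("alice", "correct-horse", two_factor_enrolled=True),
}


def _verify_password(username: str, password: str) -> bool:
    # The credential check canonicalises the username (LDAP-style behaviour).
    user = USERS.get(username.casefold())
    return user is not None and user.password == password


def login_vulnerable(username: str, password: str, otp_ok: bool) -> bool:
    """Password check normalises case, but the 2FA policy lookup does not.
    A username with different casing misses the policy entry, is treated as
    not enrolled, and the second factor is never demanded."""
    if not _verify_password(username, password):
        return False
    user = USERS.get(username)          # exact-case lookup: the defect
    needs_2fa = user is not None and user.two_factor_enrolled
    return otp_ok if needs_2fa else True


def login_hardened(username: str, password: str, otp_ok: bool) -> bool:
    """Canonicalise once, reuse the same key for every decision, and fail
    closed when no policy record exists for the authenticated user."""
    key = username.strip().casefold()
    if not _verify_password(key, password):
        return False
    user = USERS.get(key)
    if user is None:
        return False                    # no policy record: deny, never skip 2FA
    return otp_ok if user.two_factor_enrolled else True
```

The hardened version also refuses a login when the policy record is missing, so a lookup failure can never silently downgrade to single-factor authentication.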

Zero-click Apple Mail flaw allows email spying

A vulnerability in Apple’s macOS Mail app could allow an attacker to add or modify any file inside its sandbox environment, opening the door for a range of attacks including information disclosure and account takeover.

The now-patched flaw, tracked as CVE-2020-9922, could be triggered without any user action, according to researcher Mikko Kenttala. The Mail app has a feature that lets it uncompress attachments that may have been automatically compressed by another Mail user. If an attacker sends an email with a malicious .ZIP file attached, for example, Mail’s tendency to automatically uncompress these files exposes the user to potential harm.

Although he only disclosed the flaw recently, Kenttala discovered the bug several months ago before informing the developer. Apple then patched the flaw in macOS Mojave 10.14.6, macOS High Sierra 10.13.6, and macOS Catalina 10.15.5.

Wormable Android malware spreading through WhatsApp texts


A new strain of malware affecting Android smartphones is spreading itself between devices through fake WhatsApp messages.

Hidden in a fake application on the Google Play store called ‘FlixOnline’, this malware strain can automatically reply to a victim’s incoming WhatsApp messages with a malicious payload, should the user grant the fake app the right permissions. This method, according to Check Point Research, is unique and could allow hackers to distribute phishing attacks, spread false information, or steal credentials from users’ WhatsApp accounts.

The fake app claims to let users view Netflix content from anywhere in the world, although, in reality, it monitors users’ WhatsApp notifications and sends automatic replies containing content received from the command-and-control (C&C) server. Because it’s wormable, it can spread without user interaction.

The researchers have warned users to be wary of downloading attachments, even if they come from trusted sources.

AMD Zen 3 CPUs embedded with Spectre-like vulnerability

The chipmaking giant AMD has warned users of a potentially significant flaw embedded in its Zen 3 processors that resembles the Spectre issue that infamously plagued Intel CPUs.

The side-channel attack centres on a technology known as Predictive Store Forwarding (PSF), which improves code execution performance by predicting the relationship between loads and stores. The prediction is usually correct, but occasional mispredictions mean that software relying on sandboxing to isolate untrusted code is at risk. This could open the door for side-channel attacks of the kind seen in the past with the Spectre and Meltdown flaws found in Intel CPUs.

The risk is low, AMD claims, and it hasn’t seen any code that’s considered vulnerable, nor has it seen any reported cases of an exploit. AMD recommends leaving PSF on as it improves the performance of its Zen 3 CPUs, although customers who do run software that relies on sandboxing can disable PSF should they choose to.
