Weekly threat roundup: Nvidia, Linux, macOS

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Hackers could abuse Windows flaw to steal corporate data

Cyber criminals could exploit a vulnerability in Active Directory Federated Services (AD FS) to take over Microsoft 365 accounts and steal sensitive data, researchers have warned.

AD FS is a feature in Windows Servers that allow federated identity and access management (IAM), which many businesses use to add single sign-on functionality to their enterprise applications. According to FireEye, however, hackers could spoof one AD FS server communication to another to obtain its keys. Unlike similar attacks from the past, such as the Golden SAML attack from 2017, attackers only need access to the AD FS server over the standard HTTP port to extract data.

The best mitigation against this technique is to use the Windows Firewall to restrict access to port 80 TCP to only the AD FS servers on-site. Should a business have only a single AD FS server, then port 80 TCP can be blocked completely. This is because all traffic to and from AD FS servers and proxies is over port 443 TCP.

Nvidia reveals severe bugs in GPU driver and vGPU software

Nvidia has disclosed a set of flaws in its GPU display driver which could expose users to several forms of attack including remote code execution, privilege escalation, denial of service (DoS) as well as information disclosure.

There are 13 flaws in total, including five GPU display driver bugs and eight vulnerabilities in Nvidia’s vGPU software. The most severe of the GPU display driver flaws is CVE-2021-1074, which exists in the installer and allows an attacker with local system access to replace an application resource with a malicious file. The vGPU software flaws include four highly severe input validation bugs that could lead to information disclosure, including bugs tracked as CVE-2021-1080, CVE-2021-1081, CVE-2021-1082, and CVE-2021-1083.

Patches for all 13 bugs are available to download from the Nvidia Driver Downloads page, or through the Nvidia Licensing Portal for the vGPU software update.

Linux flaw may cause data leaks

Researchers with Cisco have warned Linux users about an information disclosure flaw that could allow an attacker to view the kernel stack memory.

Tracked as CVE-2020-28588, the vulnerability exists in the /proc/pid/syscall functionality of 32-bit Arm devices running Linux. To exploit it, attackers only need to read the /syscall operating system file using Proc, a system used for establishing an interface between data structures. Because it’s a legitimate operating system file, exploitation is difficult to detect. If it's exploited correctly, hackers could then use the information leak to successfully exploit additional unpatched Linux flaws, Cisco claims.

Affected versions of Linux include 5.10-rc4, 5.4.66, and 5.9.8, although a patch was merged in December 2020. Users are advised to update their builds to later versions immediately.

Apple fixes Mac flaw exploited in the wild

Related Resource

NETSCOUT threat intelligence report

Cyber crime: Exploiting a pandemic

Threat intelligence report - whitepaper from NETSCOUTDownload now

The latest version of Apple’s macOS arrived with a number of new features, as well as a fix for a dangerous vulnerability that was being exploited by cyber criminals to spread malware.

Despite several protections that Apple has built into its Mac operating system to safeguard users against malware, the vulnerability tracked as CVE-2021-30657 has been successfully exploited to bypass all of them. According to researcher Cedric Owens, this flaw has allowed attackers to easily craft a payload that isn’t checked by Gatekeeper, a technology designed to ensure that only trusted software is run on Mac devices.

Apple has patched this vulnerability, alongside two other flaws that may allow a malicious application to bypass Gatekeeper checks, with macOS Big Sur 11.3, in addition to several other flaws.

Featured Resources

2021 Thales cloud security study

The challenges of cloud data protection and access management in a hybrid and multi cloud world

Free download

IDC agility assessment

The competitive advantage in adaptability

Free Download

Digital transformation insights from CIOs for CIOs

Transformation pilotes, co-pilots, and engineers

Free download

What ITDMs did next - and what they should be doing now

Enable continued collaboration and communication for hybrid workers

Recommended

Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021
Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021

Most Popular

Microsoft 365 prices to soar by 20% for pay monthly subscribers
Managed service provider (MSP)

Microsoft 365 prices to soar by 20% for pay monthly subscribers

7 Dec 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

30 Nov 2021
What is single sign-on (SSO)?
single sign-on (SSO)

What is single sign-on (SSO)?

2 Dec 2021