Weekly threat roundup: Nvidia, Linux, macOS

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Hackers could abuse Windows flaw to steal corporate data

Cyber criminals could exploit a vulnerability in Active Directory Federated Services (AD FS) to take over Microsoft 365 accounts and steal sensitive data, researchers have warned.

AD FS is a feature in Windows Servers that allow federated identity and access management (IAM), which many businesses use to add single sign-on functionality to their enterprise applications. According to FireEye, however, hackers could spoof one AD FS server communication to another to obtain its keys. Unlike similar attacks from the past, such as the Golden SAML attack from 2017, attackers only need access to the AD FS server over the standard HTTP port to extract data.

The best mitigation against this technique is to use the Windows Firewall to restrict access to port 80 TCP to only the AD FS servers on-site. Should a business have only a single AD FS server, then port 80 TCP can be blocked completely. This is because all traffic to and from AD FS servers and proxies is over port 443 TCP.

Nvidia reveals severe bugs in GPU driver and vGPU software

Nvidia has disclosed a set of flaws in its GPU display driver which could expose users to several forms of attack including remote code execution, privilege escalation, denial of service (DoS) as well as information disclosure.

There are 13 flaws in total, including five GPU display driver bugs and eight vulnerabilities in Nvidia’s vGPU software. The most severe of the GPU display driver flaws is CVE-2021-1074, which exists in the installer and allows an attacker with local system access to replace an application resource with a malicious file. The vGPU software flaws include four highly severe input validation bugs that could lead to information disclosure, including bugs tracked as CVE-2021-1080, CVE-2021-1081, CVE-2021-1082, and CVE-2021-1083.

Patches for all 13 bugs are available to download from the Nvidia Driver Downloads page, or through the Nvidia Licensing Portal for the vGPU software update.

Linux flaw may cause data leaks

Researchers with Cisco have warned Linux users about an information disclosure flaw that could allow an attacker to view the kernel stack memory.

Tracked as CVE-2020-28588, the vulnerability exists in the /proc/pid/syscall functionality of 32-bit Arm devices running Linux. To exploit it, attackers only need to read the /syscall operating system file using Proc, a system used for establishing an interface between data structures. Because it’s a legitimate operating system file, exploitation is difficult to detect. If it's exploited correctly, hackers could then use the information leak to successfully exploit additional unpatched Linux flaws, Cisco claims.

Affected versions of Linux include 5.10-rc4, 5.4.66, and 5.9.8, although a patch was merged in December 2020. Users are advised to update their builds to later versions immediately.

Apple fixes Mac flaw exploited in the wild

Related Resource

NETSCOUT threat intelligence report

Cyber crime: Exploiting a pandemic

Threat intelligence report - whitepaper from NETSCOUTDownload now

The latest version of Apple’s macOS arrived with a number of new features, as well as a fix for a dangerous vulnerability that was being exploited by cyber criminals to spread malware.

Despite several protections that Apple has built into its Mac operating system to safeguard users against malware, the vulnerability tracked as CVE-2021-30657 has been successfully exploited to bypass all of them. According to researcher Cedric Owens, this flaw has allowed attackers to easily craft a payload that isn’t checked by Gatekeeper, a technology designed to ensure that only trusted software is run on Mac devices.

Apple has patched this vulnerability, alongside two other flaws that may allow a malicious application to bypass Gatekeeper checks, with macOS Big Sur 11.3, in addition to several other flaws.

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
Security researchers take control of a Tesla via drone
ethical hacking

Security researchers take control of a Tesla via drone

5 May 2021
Hackers used SonicWall zero-day flaw to plant ransomware
ransomware

Hackers used SonicWall zero-day flaw to plant ransomware

30 Apr 2021
New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Dell patches vulnerability affecting hundreds of computer models worldwide
cyber security

Dell patches vulnerability affecting hundreds of computer models worldwide

5 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021