Weekly threat roundup: Nvidia, Linux, macOS
Pulling together the most dangerous and pressing flaws that businesses need to patch
Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.
Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.
Hackers could abuse Windows flaw to steal corporate data
Cyber criminals could exploit a vulnerability in Active Directory Federated Services (AD FS) to take over Microsoft 365 accounts and steal sensitive data, researchers have warned.
AD FS is a feature in Windows Servers that allow federated identity and access management (IAM), which many businesses use to add single sign-on functionality to their enterprise applications. According to FireEye, however, hackers could spoof one AD FS server communication to another to obtain its keys. Unlike similar attacks from the past, such as the Golden SAML attack from 2017, attackers only need access to the AD FS server over the standard HTTP port to extract data.
The best mitigation against this technique is to use the Windows Firewall to restrict access to port 80 TCP to only the AD FS servers on-site. Should a business have only a single AD FS server, then port 80 TCP can be blocked completely. This is because all traffic to and from AD FS servers and proxies is over port 443 TCP.
Nvidia reveals severe bugs in GPU driver and vGPU software
Nvidia has disclosed a set of flaws in its GPU display driver which could expose users to several forms of attack including remote code execution, privilege escalation, denial of service (DoS) as well as information disclosure.
There are 13 flaws in total, including five GPU display driver bugs and eight vulnerabilities in Nvidia’s vGPU software. The most severe of the GPU display driver flaws is CVE-2021-1074, which exists in the installer and allows an attacker with local system access to replace an application resource with a malicious file. The vGPU software flaws include four highly severe input validation bugs that could lead to information disclosure, including bugs tracked as CVE-2021-1080, CVE-2021-1081, CVE-2021-1082, and CVE-2021-1083.
Patches for all 13 bugs are available to download from the Nvidia Driver Downloads page, or through the Nvidia Licensing Portal for the vGPU software update.
Linux flaw may cause data leaks
Researchers with Cisco have warned Linux users about an information disclosure flaw that could allow an attacker to view the kernel stack memory.
Tracked as CVE-2020-28588, the vulnerability exists in the /proc/pid/syscall functionality of 32-bit Arm devices running Linux. To exploit it, attackers only need to read the /syscall operating system file using Proc, a system used for establishing an interface between data structures. Because it’s a legitimate operating system file, exploitation is difficult to detect. If it's exploited correctly, hackers could then use the information leak to successfully exploit additional unpatched Linux flaws, Cisco claims.
Affected versions of Linux include 5.10-rc4, 5.4.66, and 5.9.8, although a patch was merged in December 2020. Users are advised to update their builds to later versions immediately.
Apple fixes Mac flaw exploited in the wild
NETSCOUT threat intelligence report
Cyber crime: Exploiting a pandemicDownload now
The latest version of Apple’s macOS arrived with a number of new features, as well as a fix for a dangerous vulnerability that was being exploited by cyber criminals to spread malware.
Despite several protections that Apple has built into its Mac operating system to safeguard users against malware, the vulnerability tracked as CVE-2021-30657 has been successfully exploited to bypass all of them. According to researcher Cedric Owens, this flaw has allowed attackers to easily craft a payload that isn’t checked by Gatekeeper, a technology designed to ensure that only trusted software is run on Mac devices.
Apple has patched this vulnerability, alongside two other flaws that may allow a malicious application to bypass Gatekeeper checks, with macOS Big Sur 11.3, in addition to several other flaws.
BCDR buyer's guide for MSPs
How to choose a business continuity and disaster recovery solutionDownload now
The definitive guide to IT security
Protecting your MSP and your customersDownload now
Cost of a data breach report 2020
Find out what factors help mitigate breach costsDownload now
The complete guide to changing your phone system provider
Optimise your phone system for better business resultsDownload now