Weekly threat roundup: Apple, AMD, and Google

The most dangerous and pressing cyber security exploits from the week gone by

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

‘Unpatchable’ flaws in Apple’s T2 security chip

A certain iteration of Apple’s T2 security-centric co-processing unit is embedded with two critical flaws that can be exploited in combination to grant hackers full access to targeted MacOS devices.

'Checkm8', originally an iPhone vulnerability, and 'Blackbird' can be exploited in the T2 security chips built on Apple’s A10 architecture, present in some, but not the newest, Macs.

The CheckM8 bug allows hackers to circumvent the activation lock, and ‘jailbreak’ targeted devices. Once this happens, the T2 chip would normally exit with a fatal error if it recognised that the Device Firmware Update (DFU) mode was enabled. With the Blackbird exploit, however, hackers are able to bypass this critical security check, and gain full root access to the device.

Alarmingly, according to Iron Peak, the core vulnerability is can't be patched through software updates as the T2 operating system is classed in read-only memory for security reasons. The bugs currently affect Mac devices shipped with Intel CPUs, and may not affect units fitted with Arm-based processors, although there’s no guarantee.

85 flaws in Android and Google Chrome 

Google has released patches to fix severe bugs in both its Chrome web browser and its Android operating system this week. The firm fixed 35 flaws in the former, and more than 50 vulnerabilities in the latter.

With the release of Chrome 86, Google has patched a critical flaw in the browser’s payments component, tagged CVE-2020-15967. This is a use-after-free memory corruption vulnerability that would give rise to various problems, including scope for a programme to crash or the execution of arbitrary code.

The pick of the Android flaws, of which 22 were rated critical, includes two escalation of privilege bugs that exist in the core of the operating system. These two, tagged CVE-2020-0215 and CVE-2020-0416, can be exploited remotely by an attacker using a specially crafted transmission.

Common flaws in widely-used anti-malware tools

Cyberark has disclosed a series of vulnerabilities present in the widely-used products developed by many cyber security vendors, including McAfee, Kaspersky, Checkpoint and Fortinet, among others.

These bugs, of which there are at least 12, often allow hackers to execute a privilege escalation attack of the local system, with anit-virus software targeted specifically because of their high privileges. One example of an exploitable flaw is the Shared Log File bug, which is present in Avira’s antivirus software, while another is DLL hijacking, which researchers demonstrated as being exploitable in TrendMicro’s antivirus software 

Cyberark has estimated that “probably every Windows machine” has had at least one software that could be abused to gain elevated privileges using file manipulation attacks. 

IoT botnet Ttint exploiting unpatched Tenda routers 

Attackers are exploiting two flaws in routers manufactured by Tenda to spread a remote access troject (RAT) heavily based on the Mirai malware to create a sophisticated botnet.

Two zero-day flaws tagged as CVE-2018-14558 and CVE-2020-10987, as highlighted by Netlab, are being exploited by the malware to not only create this botnet, but also conduct remote code execution attacks.

In addition to ten distributed denial of service (DDoS) attack instructions, there are also 12 different remote access methods embedded in the RAT, according to analysis. This additional functionality stands it apart from most other botnets. 

When running, Ttint deletes its own files, manipulates the watchdog, and prevents an affected route from restarting. The malware also runs on a single instance by binding to the port, and modifies the process name to confuse the user. Neither flaw has been patched to date, Netlab claims.

AMD glitch that could cause BSOD

A denial-of-service vulnerability exists in AMD-manufactured graphics card drivers that may result in a user’s system to crash, and produce the dreaded blue screen of death (BSOD).

Related Resource

Improving cyber security for remote working

13 recommendations for security from any location

Download now

The flaw lies in the way a specially-crafted D3DKMTCreateAllocation API request may cause an out-of-bounds read and denial of service, and can be triggered from non-privileged user accounts. Cisco Talos researchers, who discovered the vulnerability, claim an attack can influence the read address when this function is triggered by modifying the payload, and cause such a system crash deliberately.

The bug, tagged as CVE-2020-12911, has been rated 7.1 on the CVSS scale, but won’t be patched until early in the first quarter of 2020.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

How can you protect your business from crypto-ransomware?
Security

How can you protect your business from crypto-ransomware?

4 Nov 2019
Microsoft spearheads industry-wide charter against AI cyber attacks
Security

Microsoft spearheads industry-wide charter against AI cyber attacks

23 Oct 2020
Weekly threat roundup: Chrome, Citrix and WordPress
Security

Weekly threat roundup: Chrome, Citrix and WordPress

23 Oct 2020
IT services giant Sopra Steria falls victim to Ryuk ransomware
Security

IT services giant Sopra Steria falls victim to Ryuk ransomware

23 Oct 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020