Weekly threat roundup: Android, Windows, Purple Fox

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Android zero-day under attack

Google has revealed that a now-patched vulnerability affecting Android devices fitted with Qualcomm CPUs is being exploited by cyber criminals to launch attacks.

The flaw, tracked as CVE-2020-11261, centres on an “improper input validation” issue in the Qualcomm Graphics component for smartphone displays. It has been exploited in limited cases to trigger memory corruption at the moment a malicious app, designed by the same hackers, requests access to a portion of the device’s memory.

The vulnerability, rated 8.4 on the CVSS threat severity scale, was first patched in January and detailed by Qualcomm in a blog post shortly after, although technical details weren’t disclosed in order to avoid exploitation.

F5 Networks BIG-IP flaw now being exploited

Researchers with NCC Group have found evidence that hackers have developed a viable exploit against a vulnerability previously discovered in F5 Networks’ BIG-IP family of network products.

F5 had previously warned its users about seven remote code execution flaws in its BIG-IP hardware and software products, with four of these rated ‘critical’. Although fixes were released at the time, cyber criminals have since found ways to infiltrate corporate networks by exploiting one flaw, tracked as CVE-2021-22986.

The vulnerability, rated 9.8 on the CVSS scale, lies in the iControl REST interface for the BIG-IP family, and also affects the firm’s BIG-IQ products. Attackers are exploiting the flaw to execute commands, create and delete files as well as disable services. This was the second most severe bug that F5 patched after the 9.9-rated CVE-2021-22987, which arose in the traffic management user interface (TMUI) when running BIG-IP in Application Mode.

Facebook shuts down hackers targeting iOS and Android devices

Facebook claims that it’s disrupted an operation that abused the social media network to spread malware across iOS and Android devices in order to spy on Uyghur people from the Chinese Xinjiang province.

The malware being deployed had advanced capabilities, including the capacity to steal all data stored on an infected device, according to the firm.

Hackers, allegedly sponsored by the Chinese government, planted JavaScript code on websites that were frequently visited by activists, journalists and dissidents originally based in Xinjiang, but who had since moved abroad. The group used a number of techniques to identify its targets and infect devices with malware, with Facebook used as a means of distributing links to malicious websites.

Microsoft fixes Windows PsExec vulnerability

Microsoft has patched a flaw in the Windows PsExec utility that allows users to gain elevated privileges on other Windows devices.

PsExec is a tool designed to allow IT administrators to perform functions on remote computers, including launching programmes and displaying the output of their own machines on the remote device. The latest version of PsExec (v2.33), however, mitigates a flaw that allowed hackers to intercept credentials and even elevate user privileges.

The flaw was originally discovered in December 2020 by the Tenable researcher David Wells, and a micropatch for the most recent version was made available through the 0patch platform before the official fix.


Critical flaw found in Apache’s OFBiz ERP software

The open source Apache OFBiz software was, until recently, embedded with a vulnerability that could have allowed an unauthorised user to seize control of the entire enterprise resource planning (ERP) system remotely.

The Apache Software Foundation patched the flaw, tracked as CVE-2021-26295, in all versions of the Java-based web framework for automating ERP processes prior to 17.12.06. The flaw involves unsafe deserialisation, which an attacker could use to remotely execute arbitrary code directly on the server. If exploited, hackers could take over Apache OFBiz entirely.

Adobe releases out-of-band update to fix ColdFusion bug

Adobe has fixed a critical vulnerability in its ColdFusion web application development platform that may have allowed remote attackers to compromise affected systems.

This vulnerability, tracked as CVE-2021-21087, exists due to insufficient input validation, meaning an attacker could send specially-crafted data to ColdFusion and execute arbitrary code on a targeted system.

Adobe has urged users to patch ColdFusion versions 2016, 2018 and 2021 as soon as possible to fix the critical flaw, although no evidence of exploitation has been detected to date. This patch has been released outside of the regular Patch Tuesday cycle, however, indicating the firm thinks businesses should apply it without delay.

Purple Fox malware is now ‘wormable’

The Purple Fox Windows malware has developed functionality that allows it to spread between devices on an automated basis.

This strain, first discovered in March 2018, previously infected devices by using exploit kits targeting Internet Explorer browsers and through phishing campaigns. It’s been updated with functionality that allows it to propagate on an automated basis, however, according to researchers with Guardicore.

The new campaign, which has been running since the end of 2020, is based on a spreading technique that combines indiscriminate port scanning with the exploitation of server message block (SMB) services with weak passwords.

Organisations including the NHS have been put on alert over the malware’s new functionality, with researchers flagging a 600% uptick in infections since the new spreading method was added.
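As an added illustration, not part of the IT Pro article or of Guardicore's research, the following Python script looks for the spreading pattern described above in a constructed network and authentication log: a single source probing port 445 on many peers while repeatedly failing to authenticate. The log format, host addresses, field names and thresholds are assumptions for this example, not anything the article or any real tool specifies.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample events in a hypothetical key=value format (not Windows or Guardicore output).
# 10.0.0.5 sweeps port 445 across six peers and fails to log on to four of them, the pattern the
# article attributes to the new Purple Fox campaign. 10.0.0.7 fails three times against a single
# server (a mistyped password) and 10.0.0.9 talks normally to one file server; neither should alert.
SAMPLE_LOG = """\
2021-03-24T10:00:01Z src=10.0.0.5 dst=10.0.0.11 dport=445 event=connect
2021-03-24T10:00:02Z src=10.0.0.5 dst=10.0.0.11 dport=445 event=logon_failure
2021-03-24T10:00:05Z src=10.0.0.5 dst=10.0.0.12 dport=445 event=connect
2021-03-24T10:00:06Z src=10.0.0.5 dst=10.0.0.12 dport=445 event=logon_failure
2021-03-24T10:00:10Z src=10.0.0.5 dst=10.0.0.13 dport=445 event=connect
2021-03-24T10:00:11Z src=10.0.0.5 dst=10.0.0.13 dport=445 event=logon_failure
2021-03-24T10:00:20Z src=10.0.0.5 dst=10.0.0.14 dport=445 event=connect
2021-03-24T10:00:21Z src=10.0.0.5 dst=10.0.0.14 dport=445 event=logon_failure
2021-03-24T10:00:30Z src=10.0.0.5 dst=10.0.0.15 dport=445 event=connect
2021-03-24T10:00:40Z src=10.0.0.5 dst=10.0.0.16 dport=445 event=connect
2021-03-24T10:01:00Z src=10.0.0.7 dst=10.0.0.20 dport=445 event=logon_failure
2021-03-24T10:01:05Z src=10.0.0.7 dst=10.0.0.20 dport=445 event=logon_failure
2021-03-24T10:01:10Z src=10.0.0.7 dst=10.0.0.20 dport=445 event=logon_failure
2021-03-24T10:02:00Z src=10.0.0.9 dst=10.0.0.20 dport=445 event=logon_success
2021-03-24T10:30:00Z src=10.0.0.9 dst=10.0.0.20 dport=445 event=logon_success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) event=(?P<event>\S+)$"
)


def parse_events(text):
    """Parse the constructed log lines into dicts sorted by time; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": ts, "src": m["src"], "dst": m["dst"],
                       "dport": int(m["dport"]), "event": m["event"]})
    return sorted(events, key=lambda e: e["ts"])


def flag_smb_sweeps(events, window=timedelta(minutes=5), min_hosts=5, min_failures=3):
    """Return {src: {"hosts": n, "failures": n}} for every source that, within some
    `window`, contacted at least `min_hosts` distinct peers on port 445 and failed to
    authenticate at least `min_failures` times. Requiring both separates a host that
    is scanning and guessing passwords from a bare port scan or from one user mistyping
    a password against a single server. Thresholds are example values, not tuned ones."""
    by_src = defaultdict(list)
    for e in events:
        if e["dport"] == 445:
            by_src[e["src"]].append(e)

    flagged = {}
    for src, evs in by_src.items():
        best = None
        for i, anchor in enumerate(evs):
            # All of this source's 445 events in the window that ends at `anchor`.
            in_win = [e for e in evs[: i + 1] if anchor["ts"] - e["ts"] <= window]
            hosts = {e["dst"] for e in in_win}
            failures = sum(1 for e in in_win if e["event"] == "logon_failure")
            if len(hosts) >= min_hosts and failures >= min_failures:
                cand = {"hosts": len(hosts), "failures": failures}
                if best is None or (cand["hosts"], cand["failures"]) > (best["hosts"], best["failures"]):
                    best = cand
        if best is not None:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    for src, stats in flag_smb_sweeps(parse_events(SAMPLE_LOG)).items():
        print(f"{src}: {stats['hosts']} peers on 445, {stats['failures']} logon failures")
```

On the sample above only 10.0.0.5 is reported (six peers, four failures); in practice the same two signals would be joined from firewall or NetFlow records and from the file servers' failed-logon events, and the host and failure thresholds set from a baseline of normal SMB traffic on the network.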
