Weekly threat roundup: Fortinet, Apple Mail, AMD Zen 3 CPUs

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Three Fortinet FortiOS vulnerabilities under attack

The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert last week warning businesses that hackers are scanning vulnerable Fortinet systems to gain access to corporate networks.

FortiOS, the software powering Fortinet’s security products, contains three flaws tracked as CVE-2018-13379, CVE-2020-12812 and CVE-2019-5591. Although all three were patched in the past, security agencies have recently detected an uptick in the number of cyber criminals exploiting them, largely because a number of organisations have not yet applied the fixes.

The first and second flaws, each rated 9.8 on the CVSS severity scale, are a path traversal vulnerability and an improper authentication issue, both affecting the FortiOS SSL VPN component. Attackers can exploit these bugs to download system files through crafted HTTP requests, and to log in without being prompted for two-factor authentication (2FA) by changing the case of the username. The third is a default configuration issue in FortiOS 6.2.0 that can allow attackers to intercept sensitive data.
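The 2FA bypass described above is a case-handling mismatch: the backend accepts the username case-insensitively, but the policy lookup that decides whether 2FA is required matches the submitted string exactly. The following is an added illustration of that bug class and its fix, not Fortinet’s code; the user directory, the 2FA policy table and the `login_*` functions are constructed for the demonstration.

```python
"""Added example: a case-sensitive 2FA policy lookup sitting behind a
case-insensitive password check, beside the hardened flow that
normalises the username once before every decision."""

# Constructed sample data (demo only): backend directory and 2FA policy.
DIRECTORY = {"alice": "correct-horse"}   # username -> password
TWO_FACTOR_REQUIRED = {"alice"}          # users that must complete 2FA


def backend_authenticate(username: str, password: str) -> bool:
    """Backend (directory-style) check: case-insensitive on the name."""
    return DIRECTORY.get(username.lower()) == password


def login_vulnerable(username: str, password: str, otp_ok: bool) -> str:
    """Vulnerable flow: the 2FA lookup uses the name exactly as submitted."""
    if not backend_authenticate(username, password):
        return "denied"
    if username in TWO_FACTOR_REQUIRED:   # exact-case match only
        return "granted" if otp_ok else "denied"
    return "granted"                      # 2FA silently skipped for "Alice"


def canonical(username: str) -> str:
    """Single normalisation applied before authentication and policy."""
    return username.strip().lower()


def login_fixed(username: str, password: str, otp_ok: bool) -> str:
    """Hardened flow: normalise once, then use that name everywhere."""
    name = canonical(username)
    if not backend_authenticate(name, password):
        return "denied"
    if name in TWO_FACTOR_REQUIRED:
        return "granted" if otp_ok else "denied"
    return "granted"


if __name__ == "__main__":
    # Same correct password, no OTP, only the username case differs.
    print(login_vulnerable("Alice", "correct-horse", otp_ok=False))  # granted
    print(login_fixed("Alice", "correct-horse", otp_ok=False))       # denied
```

The fix is not the `lower()` call itself but applying one canonical form before both the credential check and the policy check, so the two can never disagree about which user is logging in.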

Zero-click Apple Mail flaw allows email spying

A vulnerability in Apple’s macOS Mail app could allow an attacker to add or modify any file inside its sandbox environment, opening the door for a range of attacks including information disclosure and account takeover.

The now-patched flaw, tracked as CVE-2020-9922, could be triggered without any user action, according to researcher Mikko Kenttala. The Mail app has a feature that lets it uncompress attachments that may have been automatically compressed by another Mail user. If an attacker sends an email with a malicious .ZIP file attached, for example, Mail’s tendency to automatically uncompress these files exposes the user to potential harm.

Although he only disclosed the flaw recently, Kenttala discovered the bug several months ago before informing the developer. Apple then patched the flaw in macOS Mojave 10.14.6, macOS High Sierra 10.13.6, and macOS Catalina 10.15.5.

Wormable Android malware spreading through WhatsApp texts


A new strain of malware affecting Android smartphones is spreading itself between devices through fake WhatsApp messages.

Hidden in a fake application on the Google Play store called ‘FlixOnline’, this malware strain can automatically reply to a victim’s incoming WhatsApp messages with a malicious payload, should the user grant the fake app the right permissions. This method, according to Check Point Research, is unique and could allow hackers to distribute phishing attacks, spread false information, or steal credentials from users’ WhatsApp accounts.

The fake app claims to allow users to view Netflix content from anywhere in the world, although, in reality, it monitors users’ WhatsApp notifications and sends automatic replies which are embedded with content received from the C&C server. Because it’s wormable, it can spread without user interaction.

The researchers have warned users to be wary of downloading attachments, even if they come from trusted sources.

AMD Zen 3 CPUs embedded with Spectre-like vulnerability

The chipmaking giant AMD has warned users of a potentially significant flaw embedded in its Zen 3 processors that resembles the Spectre issue that infamously plagued Intel CPUs.

The side-channel attack centres on a technology known as Predictive Store Forwarding (PSF), which improves code execution performance by predicting the relationship between loads and stores. The prediction is usually correct, but when it is wrong the processor briefly executes with incorrect data, which puts software that relies on sandboxing at risk. This could open the door to side-channel attacks of the kind seen in the past with the Spectre and Meltdown flaws found in Intel CPUs.

The risk is low, AMD claims, and it has not seen any code that it considers vulnerable, nor any reported cases of an exploit. AMD recommends leaving PSF on, as it improves the performance of its Zen 3 CPUs, although customers who run software that relies on sandboxing can disable PSF should they choose to.
