Weekly threat roundup: Nvidia, Linux, macOS

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Hackers could abuse Windows flaw to steal corporate data

Cyber criminals could exploit a vulnerability in Active Directory Federation Services (AD FS) to take over Microsoft 365 accounts and steal sensitive data, researchers have warned.

AD FS is a feature in Windows Server that allows federated identity and access management (IAM), which many businesses use to add single sign-on functionality to their enterprise applications. According to FireEye, however, hackers could spoof the communication one AD FS server sends to another in order to obtain its keys. Unlike similar attacks from the past, such as the Golden SAML attack from 2017, attackers only need access to the AD FS server over the standard HTTP port to extract data.

The best mitigation against this technique is to use the Windows Firewall to restrict access to port 80 TCP to only the AD FS servers on-site. Should a business have only a single AD FS server, then port 80 TCP can be blocked completely. This is because all traffic to and from AD FS servers and proxies is over port 443 TCP.
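
One way to apply the mitigation above with the built-in NetSecurity cmdlets, as an added example rather than code from FireEye or Microsoft. The peer addresses and rule display names are constructed placeholders, and the script assumes the default inbound action is Block and that the matching rules live in the local policy store rather than in Group Policy.

```powershell
#Requires -RunAsAdministrator
# Other AD FS servers in the farm (constructed placeholder addresses; replace them).
# Leave the array empty for a single-server deployment.
$FarmPeers = @('192.0.2.11', '192.0.2.12')

if ($FarmPeers.Count -eq 0) {
    # Single AD FS server: an explicit block rule takes precedence over any allow rule.
    New-NetFirewallRule -DisplayName 'Example - Block inbound TCP 80' `
        -Direction Inbound -Action Block -Protocol TCP -LocalPort 80 | Out-Null
    return
}

# Enabled inbound allow rules that name TCP port 80 explicitly.
# Rules with LocalPort 'Any' or a range such as 70-90 are not matched; review those by hand.
$hits = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        if ($pf.Protocol -eq 'TCP' -and @($pf.LocalPort) -contains '80') {
            [pscustomobject]@{ Rule = $_; Ports = @($pf.LocalPort) }
        }
    }

$needPeerRule = $false
foreach ($hit in $hits) {
    $others = @($hit.Ports | Where-Object { $_ -ne '80' })
    if ($others.Count -gt 0) {
        # The rule also covers other ports (for example 443): remove only port 80
        # so that HTTPS traffic keeps its existing scope.
        Set-NetFirewallRule -Name $hit.Rule.Name -LocalPort $others
        $needPeerRule = $true
    } else {
        # The rule covers port 80 only: narrow its remote scope to the farm peers.
        Set-NetFirewallRule -Name $hit.Rule.Name -RemoteAddress $FarmPeers
    }
}

if ($needPeerRule) {
    # Port 80 was split out of a shared rule, so re-allow it for the peers only.
    New-NetFirewallRule -DisplayName 'Example - AD FS TCP 80 from farm peers' `
        -Direction Inbound -Action Allow -Protocol TCP -LocalPort 80 `
        -RemoteAddress $FarmPeers | Out-Null
}

# Show what now permits inbound TCP 80, with its remote scope, for review.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { @(($_ | Get-NetFirewallPortFilter).LocalPort) -contains '80' } |
    Select-Object DisplayName,
        @{ n = 'RemoteAddress'; e = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress } }
```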

Nvidia reveals severe bugs in GPU driver and vGPU software

Nvidia has disclosed a set of flaws in its GPU display driver which could expose users to several forms of attack including remote code execution, privilege escalation, denial of service (DoS) as well as information disclosure.

There are 13 flaws in total, including five GPU display driver bugs and eight vulnerabilities in Nvidia’s vGPU software. The most severe of the GPU display driver flaws is CVE-2021-1074, which exists in the installer and allows an attacker with local system access to replace an application resource with a malicious file. The vGPU software flaws include four highly severe input validation bugs that could lead to information disclosure, including bugs tracked as CVE-2021-1080, CVE-2021-1081, CVE-2021-1082, and CVE-2021-1083.

Patches for all 13 bugs are available to download from the Nvidia Driver Downloads page, or through the Nvidia Licensing Portal for the vGPU software update.

Linux flaw may cause data leaks

Researchers with Cisco have warned Linux users about an information disclosure flaw that could allow an attacker to view the kernel stack memory.

Tracked as CVE-2020-28588, the vulnerability exists in the /proc/pid/syscall functionality of 32-bit Arm devices running Linux. To exploit it, attackers only need to read the /proc/pid/syscall file, which is exposed through proc, the pseudo-filesystem Linux uses as an interface to kernel data structures. Because it’s a legitimate operating system file, exploitation is difficult to detect. If it's exploited correctly, hackers could then use the information leak to successfully exploit additional unpatched Linux flaws, Cisco claims.

Affected versions of Linux include 5.10-rc4, 5.4.66, and 5.9.8, although a patch was merged in December 2020. Users are advised to update their builds to later versions immediately.

Apple fixes Mac flaw exploited in the wild

The latest version of Apple’s macOS arrived with a number of new features, as well as a fix for a dangerous vulnerability that was being exploited by cyber criminals to spread malware.

Despite several protections that Apple has built into its Mac operating system to safeguard users against malware, the vulnerability tracked as CVE-2021-30657 has been successfully exploited to bypass all of them. According to researcher Cedric Owens, this flaw has allowed attackers to easily craft a payload that isn’t checked by Gatekeeper, a technology designed to ensure that only trusted software is run on Mac devices.

With macOS Big Sur 11.3, Apple has patched this vulnerability alongside two other flaws that may allow a malicious application to bypass Gatekeeper checks, as well as several other flaws.
