Weekly threat roundup: Nvidia, Linux, macOS

Graphic showing a red unlocked padlock surrounded by blue locked padlocks
(Image credit: Shutterstock)

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Hackers could abuse Windows flaw to steal corporate data

Cyber criminals could exploit a vulnerability in Active Directory Federated Services (AD FS) to take over Microsoft 365 accounts and steal sensitive data, researchers have warned.

AD FS is a feature in Windows Servers that allow federated identity and access management (IAM), which many businesses use to add single sign-on functionality to their enterprise applications. According to FireEye, however, hackers could spoof one AD FS server communication to another to obtain its keys. Unlike similar attacks from the past, such as the Golden SAML attack from 2017, attackers only need access to the AD FS server over the standard HTTP port to extract data.

The best mitigation against this technique is to use the Windows Firewall to restrict access to port 80 TCP to only the AD FS servers on-site. Should a business have only a single AD FS server, then port 80 TCP can be blocked completely. This is because all traffic to and from AD FS servers and proxies is over port 443 TCP.

Nvidia reveals severe bugs in GPU driver and vGPU software

Nvidia has disclosed a set of flaws in its GPU display driver which could expose users to several forms of attack including remote code execution, privilege escalation, denial of service (DoS) as well as information disclosure.

There are 13 flaws in total, including five GPU display driver bugs and eight vulnerabilities in Nvidia’s vGPU software. The most severe of the GPU display driver flaws is CVE-2021-1074, which exists in the installer and allows an attacker with local system access to replace an application resource with a malicious file. The vGPU software flaws include four highly severe input validation bugs that could lead to information disclosure, including bugs tracked as CVE-2021-1080, CVE-2021-1081, CVE-2021-1082, and CVE-2021-1083.

Patches for all 13 bugs are available to download from the Nvidia Driver Downloads page, or through the Nvidia Licensing Portal for the vGPU software update.

Linux flaw may cause data leaks

Researchers with Cisco have warned Linux users about an information disclosure flaw that could allow an attacker to view the kernel stack memory.

Tracked as CVE-2020-28588, the vulnerability exists in the /proc/pid/syscall functionality of 32-bit Arm devices running Linux. To exploit it, attackers only need to read the /syscall operating system file using Proc, a system used for establishing an interface between data structures. Because it’s a legitimate operating system file, exploitation is difficult to detect. If it's exploited correctly, hackers could then use the information leak to successfully exploit additional unpatched Linux flaws, Cisco claims.

Affected versions of Linux include 5.10-rc4, 5.4.66, and 5.9.8, although a patch was merged in December 2020. Users are advised to update their builds to later versions immediately.

Apple fixes Mac flaw exploited in the wild

RELATED RESOURCE

NETSCOUT threat intelligence report

Cyber crime: Exploiting a pandemic

FREE DOWNLOAD

The latest version of Apple’s macOS arrived with a number of new features, as well as a fix for a dangerous vulnerability that was being exploited by cyber criminals to spread malware.

Despite several protections that Apple has built into its Mac operating system to safeguard users against malware, the vulnerability tracked as CVE-2021-30657 has been successfully exploited to bypass all of them. According to researcher Cedric Owens, this flaw has allowed attackers to easily craft a payload that isn’t checked by Gatekeeper, a technology designed to ensure that only trusted software is run on Mac devices.

Apple has patched this vulnerability, alongside two other flaws that may allow a malicious application to bypass Gatekeeper checks, with macOS Big Sur 11.3, in addition to several other flaws.

Keumars Afifi-Sabet
Features Editor

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.