Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Threat Intelligence
Apple is aware of a report that CVE-2023-42916 and CVE-2023-42917 may have been actively exploited against versions of iOS released before iOS 16.7.1.
Systems Affected
Versions prior to macOS Sonoma 14.1.2
Versions prior to iOS 17.1.2 and iPadOS 17.1.2
Versions prior to Safari 17.1.2
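A small inventory check against the fixed releases listed above, added here as an example and not part of the original bulletin. It assumes that any build at or above the listed release is patched (it does not model fixes back-ported to older lines such as iOS 16.7.x) and compares version strings segment by segment, since plain string comparison would wrongly rank 14.1.10 below 14.1.2.

```python
"""Flag Apple OS/browser builds that are older than the fixed release
named in the advisory. Versions are compared numerically per segment."""
from typing import List, Tuple

# Minimum fixed releases as listed in the advisory.
FIXED_VERSIONS = {
    "macOS": "14.1.2",
    "iOS": "17.1.2",
    "iPadOS": "17.1.2",
    "Safari": "17.1.2",
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '17.1.2' into (17, 1, 2); reject non-numeric segments."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {v!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(product: str, version: str) -> bool:
    """True if `version` of `product` is older than the fixed release."""
    fixed = parse_version(FIXED_VERSIONS[product])
    current = parse_version(version)
    # Pad the shorter tuple with zeros so '17.1' compares as 17.1.0.
    width = max(len(fixed), len(current))
    fixed += (0,) * (width - len(fixed))
    current += (0,) * (width - len(current))
    return current < fixed


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return the (host, product, version) entries still needing the update."""
    return [(h, p, v) for (h, p, v) in inventory if is_vulnerable(p, v)]


if __name__ == "__main__":
    # Constructed sample inventory; not data from the advisory.
    sample = [
        ("mac-01", "macOS", "14.1.1"),
        ("mac-02", "macOS", "14.1.10"),
        ("ipad-07", "iPadOS", "17.1"),
        ("phone-03", "iOS", "17.1.2"),
    ]
    for host, product, version in triage(sample):
        print(f"{host}: {product} {version} is below {FIXED_VERSIONS[product]}")
```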
Risk
Government:
– Large and medium government entities: High
– Small government entities: Medium
Businesses:
– Large and medium business entities: High
– Small business entities: Medium
Home Users: Low
Technical Summary
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Details of the vulnerabilities are as follows:
Recommendations
Apply the stable channel update provided by Apple to vulnerable systems immediately after appropriate testing.
Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
Restrict use of certain websites, block downloads/attachments, block JavaScript, restrict browser extensions, etc.
Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.
Block execution of code on a system through application control and/or script blocking.
Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, API call, etc. behavior.
Access Reference Data from NIST’s Various Standards, Guidelines & Frameworks—All in One Place
The NIST Cybersecurity and Privacy Reference Tool (CPRT) provides a way to browse, view mappings, and download reference data from select NIST cybersecurity and privacy standards, guidelines, and frameworks, all in standardized data formats (you can currently pick from XLSX or JSON). These tabular datasets will make it easier for users of NIST guidance to identify, locate, compare, and customize content without needing to review hundreds of pages of narrative within publications.
CPRT was developed a few years back to liberate, manage, and map NIST cybersecurity and privacy data. Today’s launch is the first step in improving the user experience; CPRT now includes more NIST resources than it did when we first unveiled it, and more will continue to be added, so it will evolve further with time.
NIST will continue to collaborate with the public to ensure access to our community-developed resources is manageable, streamlined and usable—and CPRT is a big step in this direction. We look forward to the further evolution of this tool and welcome your comments, questions, and feedback via [email protected].
The Cybersecurity and Infrastructure Security Agency (CISA) has released a Cybersecurity Advisory in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a Federal Civilian Executive Branch agency. This vulnerability presents an improper access control issue impacting specific versions of Adobe ColdFusion, some of which are no longer supported.
In June 2023, through the exploitation of CVE-2023-26360, threat actors were able to establish an initial foothold on two federal agency systems in two separate instances. In both incidents, Microsoft Defender for Endpoint alerted the agencies of the potential exploitation of an Adobe ColdFusion vulnerability on public-facing web servers in the agency’s pre-production environment. Both servers were running outdated versions of software, which are vulnerable to various CVEs.
Adobe ColdFusion is a commercial application server used for rapid web-application development, such as supporting proprietary markup languages for building web applications and integrating external components like databases and other third-party libraries.
The advisory provides network defenders with details on the vulnerability; tactics, techniques, and procedures (TTPs); indicators of compromise (IOCs); and methods to detect and protect against similar exploitation. Organizations should prioritize remediating known exploited vulnerabilities, employ proper network segmentation, and enable multi-factor authentication for all services to the extent possible, particularly for webmail, virtual private networks, and accounts that access critical systems.
Organizations are encouraged to implement the recommended mitigations in the advisory to improve their cybersecurity posture against this particular threat actor activity. CISA also recommends software manufacturers incorporate secure-by-design principles and tactics into their software development practices to limit the impact of threat actor techniques and strengthen the security posture for their customers.