HTG Threat Report

Threat Report 9/19/24

Written by Evan Kennedy | Sep 23, 2024 3:48:09 PM
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights.


Affected Systems:

  • Chrome prior to 129.0.6668.58/59 for Windows and Mac
  • Chrome prior to 129.0.6668.58 for Linux


Risk

  • Large and medium business entities: High
  • Small business entities: Medium


Remediation Recommendations

  • Ensure all devices using Google Chrome have the latest version(s) installed
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)

References

Vulnerability in Apple Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights.


Affected Systems:

  • Versions prior to iOS 18 and iPadOS 18
  • Versions prior to macOS Sequoia 15
  • Versions prior to tvOS 18
  • Versions prior to watchOS 11
  • Versions prior to visionOS 2
  • Versions prior to iOS 17.7 and iPadOS 17.7
  • Versions prior to macOS Sonoma 14.7
  • Versions prior to macOS Ventura 13.7

Risk

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations

  • Ensure Apple software has the latest version(s) installed
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)

References

Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights. 


Affected Systems:

  • Adobe Media Encoder 24.5 and earlier versions
  • Adobe Media Encoder 23.6.8 and earlier versions
  • Adobe Audition 24.4.1 and earlier versions
  • Adobe Audition 23.6.6 and earlier versions
  • Adobe After Effects 24.5 and earlier versions
  • Adobe After Effects 23.6.6 and earlier versions
  • Adobe Premiere Pro 24.5 and earlier versions
  • Adobe Premiere Pro 23.6.8 and earlier versions
  • Illustrator 2024 28.6 and earlier versions
  • Illustrator 2024 27.9.5 and earlier versions
  • Acrobat DC 24.003.20054 and earlier versions (Windows); 24.002.21005 and earlier versions (MacOS)
  • Acrobat Reader DC 24.003.20054 and earlier versions (Windows); 24.002.21005 and earlier versions (MacOS)
  • Acrobat 2024 24.001.30159 and earlier versions
  • Acrobat 2020 20.005.30655 and earlier versions
  • Acrobat Reader 2020 20.005.30655 and earlier versions
  • ColdFusion 2023 Update 9 and earlier versions
  • ColdFusion 2021 Update 15 and earlier versions
  • Photoshop 2023 24.7.4 and earlier versions
  • Photoshop 2024 25.11 and earlier versions

Risk

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations

  • Ensure all versions of all Adobe products are updated to their latest versions
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)
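The "ensure the latest version is installed" items for Chrome and Adobe above both reduce to a version-threshold check, and the Adobe list shows the edge case that trips up naive checks: each release branch (24.x and 23.x) has its own threshold. The following is an added example, not HTG's or any vendor's code; the thresholds are the figures quoted in this report, while the product-name keys and inventory rows are constructed sample data.

```python
# Added example: apply the affected-version thresholds quoted in this report
# to a constructed software inventory.  Not HTG's or any vendor's tooling.

def parse_version(s: str) -> tuple:
    """'129.0.6668.58' -> (129, 0, 6668, 58)."""
    return tuple(int(p) for p in s.strip().split("."))

def cmp_versions(a: str, b: str) -> int:
    """-1/0/1 like strcmp; zero-pads so '24.5' and '24.5.0' compare equal."""
    va, vb = parse_version(a), parse_version(b)
    n = max(len(va), len(vb))
    va += (0,) * (n - len(va))
    vb += (0,) * (n - len(vb))
    return (va > vb) - (va < vb)

# Chrome: fixed builds are 129.0.6668.58/59 (Windows, Mac) and .58 (Linux), so
# anything below .58 is affected on every platform.
CHROME_FIXED = "129.0.6668.58"

# Adobe lists "X and earlier" per release branch; branches are patched
# independently, so the threshold depends on the installed major version.
ADOBE_LAST_VULNERABLE = {
    "Adobe Media Encoder": {24: "24.5", 23: "23.6.8"},
    "Adobe After Effects": {24: "24.5", 23: "23.6.6"},
    "Photoshop": {25: "25.11", 24: "24.7.4"},
}

def chrome_affected(version: str) -> bool:
    return cmp_versions(version, CHROME_FIXED) < 0

def adobe_affected(product: str, version: str):
    """True if at or below the branch's last vulnerable release; None when the
    branch is not in the advisory (treat as unknown, not as safe)."""
    ceiling = ADOBE_LAST_VULNERABLE[product].get(parse_version(version)[0])
    return None if ceiling is None else cmp_versions(version, ceiling) <= 0

# Constructed inventory rows: (host, product, version).
INVENTORY = [
    ("ws-01", "Google Chrome", "128.0.6613.138"),
    ("ws-02", "Google Chrome", "129.0.6668.59"),
    ("ws-03", "Adobe Media Encoder", "23.6.8"),
    ("ws-04", "Photoshop", "25.12"),
]

def affected_hosts(inventory=INVENTORY) -> list:
    """Hosts to remediate: affected, or on a branch the advisory does not list."""
    out = []
    for host, product, version in inventory:
        hit = (chrome_affected(version) if product == "Google Chrome"
               else adobe_affected(product, version))
        if hit is None or hit:
            out.append(host)
    return out
```

Hosts on a branch the advisory does not mention are reported too, since an unlisted branch is an unknown, not a pass.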

References

Claims of Hacked Voter Information Debunked by FBI and CISA

The US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a PSA warning of false claims that hackers have compromised US voter registration databases, BleepingComputer reports. The advisory notes, "The reality is that having access to voter registration data is not by itself an indicator of a voter registration database compromise. Most U.S. voter information can be purchased or otherwise legitimately acquired through publicly available sources. In recent election cycles, when cyber actors have obtained voter registration information, the acquisition of this data did not impact the voting process or election results."

The advisory adds that "the FBI and CISA have no information suggesting any cyberattack on U.S. election infrastructure has prevented an election from occurring, changed voter registration information, prevented an eligible voter from casting a ballot, compromised the integrity of any ballots cast, or disrupted the ability to count votes or transmit unofficial election results in a timely manner." 



Microsoft Patch Tuesday Notes

Microsoft issued patches for 79 vulnerabilities on Tuesday, September 10, including four actively exploited zero-days, Dark Reading reports. Two of the zero-days (CVE-2024-38226 and CVE-2024-38217) are security bypass vulnerabilities that can be exploited via social engineering. Dark Reading quotes Satnam Narang, senior staff research engineer at Tenable, as saying, "Exploitation of both CVE-2024-38226 and CVE-2024-38217 can lead to the bypass of important security features that block Microsoft Office macros from running." A third zero-day (CVE-2024-38014) is an elevation of privilege flaw affecting Windows Installer that can allow an attacker to gain SYSTEM privileges. The fourth zero-day is a remote code execution vulnerability in the Servicing Stack that has been assigned a CVSS score of 9.8. This vulnerability can allow an attacker to roll back fixes for previously patched flaws in Windows 10, version 1507.