
Threat Report 11/2/23

Multiple Vulnerabilities in Google Chrome
Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights.

 

Affected Systems:

  • Chrome prior to 119.0.6045.105/.106 for Windows

  • Chrome prior to 119.0.6045.105 for Mac and Linux

Risk:

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations

  • Ensure all devices running Google Chrome have the latest version(s) installed.

  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)


Vulnerability in Apple Products
Could Allow for Arbitrary Code Execution

A vulnerability has been discovered in Apple products, which could allow for privilege escalation. Successful exploitation of this vulnerability could allow for privilege escalation in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights.

Affected Systems:

  • Versions prior to macOS Ventura 13.6.1

  • Versions prior to macOS Sonoma 14.1

  • Versions prior to macOS Monterey 12.7.1

  • Versions prior to iOS 16.7.2 and iPadOS 16.7.2

  • Versions prior to iOS 17.1 and iPadOS 17.1

  • Versions prior to tvOS 17.1

  • Versions prior to watchOS 10.1

  • Versions prior to Safari 17.1

Risk:

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations

  • Ensure Apple software has the latest version(s) installed.

  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)

Multiple Vulnerabilities in Mozilla Products
Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution.

  • Mozilla Firefox is a web browser used to access the Internet.
  • Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
  • Mozilla Thunderbird is an email client.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights.

Affected Systems:

  • Firefox ESR versions prior to 115.4

  • Firefox versions prior to 119

  • Thunderbird versions prior to 115.4

Risk:

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations

  • Ensure all devices running Mozilla products have the latest version available installed.

  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)

Multiple Vulnerabilities in ChromeOS
Could Allow for Arbitrary Code Execution

 

Multiple vulnerabilities have been discovered in ChromeOS, the most severe of which could allow for arbitrary code execution. ChromeOS is a Linux-based operating system developed and designed by Google. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Affected Systems:

  • 118.0.5993.117 for Mac and Linux

  • 118.0.5993.117/.118 for Windows

Risk:

  • Large and medium business entities: High
  • Small business entities: Medium

 

Remediation Recommendation

  • Ensure all devices running ChromeOS have the latest version available installed.

  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)

Access Tokens Stolen from Okta’s Support Unit

On October 20th, KrebsOnSecurity reported that the identity tool provider Okta suffered a security breach earlier in October of this year. Hackers were able to obtain recordings of web browser sessions (HAR files) from support cases that were ongoing at the time. These files often contain customers’ cookies and session tokens, which can then be used to impersonate valid users. According to Okta, a “very, very small subset” of their 18,000 customers were impacted by this breach.

 

In a later update, it was reported that 1Password and Cloudflare disclosed compromises of their Okta authentication platforms that were directly related to the Okta breach. However, they announced that no customer information or systems were impacted by said compromises.
