Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the user's associated privileges, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.
Affected Systems:
- Google Chrome versions prior to 116.0.5845.96/.97 for Windows.
- Google Chrome versions prior to 116.0.5845.96 for Mac and Linux.
Risk
- Large and medium business entities: High
- Small business entities: Medium
Remediation Recommendations
- Ensure devices using Google Chrome have installed the latest version(s).
- Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them).
References:
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html
Critical Patches Issued for Microsoft Products
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Affected Systems:
- Popular Microsoft products and services including, but not limited to, .NET Core and Framework, Office, and Visual Studio
Risk
- Large and medium business entities: High
- Small business entities: Medium
Remediation Recommendations
- Ensure all Microsoft products have the latest version available installed.
- Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them).
References:
Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.
Affected Systems:
- Android OS patch levels prior to 2023-08-05
Risk
- Large and medium business entities: High
- Small business entities: Medium
Remediation Recommendations
- Ensure all devices running Android OS are updated to their latest versions.
- Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them).
References
https://source.android.com/docs/security/bulletin/2023-08-01#2023-08-05-security-patch-level-vulnerability-details
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Affected Systems:
- Acrobat DC versions 23.003.20244 and earlier
- Acrobat Reader DC versions 23.003.20244 and earlier
- Acrobat 2020 versions 20.005.30467 and earlier
- Acrobat Reader 2020 versions 20.005.30467 and earlier
- Adobe Commerce versions 2.4.6-p1 and earlier
- Adobe Commerce versions 2.4.5-p3 and earlier
- Adobe Commerce versions 2.4.4-p4 and earlier
- Adobe Commerce versions 2.4.3-ext-3 and earlier
- Adobe Commerce versions 2.4.2-ext-3 and earlier
- Adobe Commerce versions 2.4.1-ext-3 and earlier
- Adobe Commerce versions 2.4.0-ext-3 and earlier
- Adobe Commerce versions 2.3.7-p4-ext-3 and earlier
- Magento Open Source 2.4.6-p1 and earlier
- Magento Open Source 2.4.5-p3 and earlier
- Magento Open Source 2.4.4-p4 and earlier
Risk
- Large and medium business entities: High
- Small business entities: Medium
Remediation Recommendations
- Ensure all Adobe products are updated to their latest versions.
- Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them).
References
Phishing Scam Targets Executives
Proofpoint is tracking “a dramatic surge of over 100% in successful cloud account takeover incidents impacting high-level executives at leading companies.” The threat actors used the EvilProxy phishing tool to target executives at more than one hundred organizations around the world between March and June of 2023. The researchers state, “Amongst the hundreds of compromised users, approximately 39% were C-level executives of which 17% were Chief Financial Officers, and 9% were Presidents and CEOs. Attackers have also shown interest in lower-level management, focusing their efforts on personnel with access to financial assets or sensitive information.”