Bugs in products from Apple, Google, Microsoft and VMware dominated the threat landscape in August, says Recorded Future
Alex Scroxton, Security Editor
Published: 07 Sep 2022 13:51
The disclosure of multiple impactful and, critically, widespread vulnerabilities and proof-of-concept (POC) exploits made August a busy month for patching, with urgent updates necessary for users of Apple and Google products, while corporate security teams were kept on their toes with fixes for vulnerabilities affecting Microsoft, Palo Alto and VMware, amongst others.
That’s based on the third edition of Recorded Future’s monthly CVE report, in which the firm’s analysts highlighted many of the most critical bugs, including CVE-2022-2856 in Google’s Chrome browser, and CVE-2022-32893 and CVE-2022-32894 in Apple Safari WebKit, Apple iOS, iPadOS and macOS, which are particularly important partly because of their vast user bases.
“When it rains, it pours,” said the analyst team. “As though the landscape had not been content to simply break the dry spell of June, the number of high-risk vulnerabilities identified for August 2022 was more than double the number from July, driven by two categories: disclosures of several zero-day vulnerabilities in products from major vendors like Apple, Google, and Microsoft; and releases of POC exploits for critical vulnerabilities in software from both our prioritised vendors and a diverse band of others.
“Unlike last month, there is a nearly equal distribution of high-risk vulnerabilities between our prioritised vendors and others. For the prioritised list, operating systems and browsers were principally affected. Beyond this list, we saw a broad spread of affected components, including router firmware, device management, interface controllers and learning management software.
“As is usually to be expected based on trends from the last several years, all of this past month’s high-risk vulnerabilities with CVSS scores were of low attack complexity. However, POC exploit code for these vulnerabilities ranged from a few lines to multi-file packages.”
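The observation above, that every high-risk vulnerability with a CVSS score was of low attack complexity, is the kind of thing a patch-management team checks mechanically rather than by eye. The following is an added example, not code from the article or from Recorded Future: a small CVSS v3.1 base-vector parser and a triage routine that ranks vulnerabilities by their exploitability metrics (attack vector, attack complexity, privileges required, user interaction). The vector strings and CVE identifiers in the sample data are constructed placeholders, not the real vectors of the CVEs the article lists, and the "urgent / high / normal" rule is an assumption made for the example, not a published standard.

```python
"""CVSS v3.1 base-vector parsing and exploitability triage (added example).

Assumptions: vectors follow the CVSS v3.0/v3.1 string format, e.g.
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H". The triage thresholds
below are an illustrative rule of thumb, not a standard.
"""
import re

# Metric abbreviations used in CVSS v3.x base vectors (for readable output).
ATTACK_VECTOR = {"N": "network", "A": "adjacent", "L": "local", "P": "physical"}
ATTACK_COMPLEXITY = {"L": "low", "H": "high"}
PRIVILEGES = {"N": "none", "L": "low", "H": "high"}
USER_INTERACTION = {"N": "none", "R": "required"}

# Structural check: version prefix, then one or more "METRIC:VALUE" pairs.
_VECTOR_RE = re.compile(r"^CVSS:3\.[01]/(?:[A-Z]+:[A-Z](?:/|$))+$")
_REQUIRED_BASE = {"AV", "AC", "PR", "UI", "S", "C", "I", "A"}


def parse_vector(vector):
    """Parse a CVSS v3.x base vector into a dict of metric -> value letter.

    Raises ValueError on malformed or incomplete input so that nothing
    downstream ever triages on a garbled vector.
    """
    if not _VECTOR_RE.match(vector):
        raise ValueError(f"malformed CVSS vector: {vector!r}")
    metrics = dict(part.split(":") for part in vector.split("/")[1:])
    missing = _REQUIRED_BASE - metrics.keys()
    if missing:
        raise ValueError(f"vector missing base metrics {sorted(missing)}")
    return metrics


def triage(vector):
    """Return "urgent", "high" or "normal" from the exploitability metrics.

    Assumed rule: low complexity + network reachable + no privileges + no
    user interaction -> urgent; any other low-complexity bug -> high;
    everything else -> normal.
    """
    m = parse_vector(vector)
    if m["AC"] == "L" and m["AV"] == "N" and m["PR"] == "N" and m["UI"] == "N":
        return "urgent"
    if m["AC"] == "L":
        return "high"
    return "normal"


def prioritise(entries):
    """Sort (cve_id, vector) pairs: urgent first, then high, then normal."""
    rank = {"urgent": 0, "high": 1, "normal": 2}
    labelled = [(cve, triage(vec)) for cve, vec in entries]
    return sorted(labelled, key=lambda item: (rank[item[1]], item[0]))


def count_low_complexity(entries):
    """How many entries carry AC:L, the check the quoted analysts describe."""
    return sum(1 for _, vec in entries if parse_vector(vec)["AC"] == "L")


# Constructed sample data: placeholder CVE ids and illustrative vectors.
SAMPLE_ENTRIES = [
    ("CVE-0000-0001", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"),
    ("CVE-0000-0002", "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"),
    ("CVE-0000-0003", "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"),
]

if __name__ == "__main__":
    for cve, label in prioritise(SAMPLE_ENTRIES):
        m = parse_vector(dict(SAMPLE_ENTRIES)[cve])
        print(f"{cve}: {label:6s} "
              f"(AV={ATTACK_VECTOR[m['AV']]}, AC={ATTACK_COMPLEXITY[m['AC']]}, "
              f"PR={PRIVILEGES[m['PR']]}, UI={USER_INTERACTION[m['UI']]})")
    print(f"{count_low_complexity(SAMPLE_ENTRIES)} of {len(SAMPLE_ENTRIES)} "
          "have low attack complexity")
```

The parser rejects anything that is not a complete base vector rather than guessing, which matters when vectors are copied from advisories or scraped from feeds; a feed that silently truncated "AC:L" to nothing would otherwise drop a bug out of the urgent bucket.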
The full set of prioritised vulnerabilities, in order of potential severity, is as follows:
- CVE-2022-2856 in Google’s Chrome browser.
- CVE-2022-27255 in Realtek’s eCos interface controller.
- CVE-2022-32548 in DrayTek’s Vigor router firmware.
- CVE-2022-32893 in Apple’s Safari WebKit browser.
- CVE-2022-32894 in Apple’s iOS, iPadOS and macOS operating systems.
- CVE-2022-34699 in Microsoft’s Windows and Windows Server operating systems.
- CVE-2022-31656 in VMware’s Workspace ONE Access, Identity Manager and vRealize Automation device management.
- CVE-2022-31659 in VMware’s Workspace ONE Access and Identity Manager device management.
- CVE-2022-0028 in Palo Alto Networks’ PAN-OS operating system.
- CVE-2022-34713 in Microsoft’s Windows and Windows Server operating systems.
- CVE-2020-14321 in Moodle’s learning management system.
Of these, some of the more noteworthy issues include CVE-2022-34713, also known as DogWalk, whose status as a zero-day is disputed because, technically, exploitation was reported after its initial disclosure, which occurred in 2020. The Recorded Future team said its exploitation confirmed their suspicions that non-macro-related Microsoft vulnerabilities exploitable via malicious documents would become a trending feature of the threat landscape.
The VMware vulnerabilities, which are not zero-days either, were disclosed together on 2 August: CVE-2022-31656 as an authentication bypass vulnerability and CVE-2022-31659 as an SQL injection vulnerability. POC code was spotted in the open a few days later, on 9 August.
VMware users have been heavily targeted by nation-state advanced persistent threat (APT) groups and cyber criminal gangs throughout 2022; its Horizon platform specifically became the subject of an alert from the US authorities in June. Before the August disclosures, VMware alerted users in April to CVE-2022-22954, a server-side template injection bug leading to remote code execution (RCE), which is thought to have been exploited by Iran-linked threat actors.
Recorded Future has been producing a monthly CVE bulletin since June 2022, launched to coincide with the debut of Microsoft’s Windows Autopatch service, which has forever changed the nature of Patch Tuesday for security pros at many large enterprises.