- Apple Releases Security Updates for Multiple Products
- Threat Actors Exploiting Multiple Vulnerabilities Against Zimbra Collaboration Suite
- Zoom for Mac Vulnerability in the Wild
________________________________
Apple Releases Security Updates for Multiple Products
Situation:
Apple has released security updates for multiple products.
Problem:
Vulnerabilities in macOS Monterey, iOS and iPadOS, and Safari.
Implication:
An attacker could exploit one of these vulnerabilities to take control of an affected device.
Need:
We encourage organizations to review the Apple security updates page for the following products and apply the necessary updates as soon as possible:
- MacOS Monterey 12.5.1
- iOS 15.6.1 and iPadOS 15.6.1
- Safari 15.6.1
Additional Resources:
CISA Bulletin: Apple Releases Security Updates for Multiple Products:
https://www.cisa.gov/uscert/ncas/current-activity/2022/08/18/apple-releases-security-updates-multiple-products
Apple security updates:
https://support.apple.com/en-us/HT201222
MacOS Monterey 12.5.1:
https://support.apple.com/en-us/HT213413
iOS 15.6.1 and iPadOS 15.6.1:
https://support.apple.com/en-us/HT213412
Safari 15.6.1:
https://support.apple.com/en-us/HT213414
________________________________
Threat Actors Exploiting Multiple Vulnerabilities Against Zimbra Collaboration Suite
Situation:
CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have released a joint Cybersecurity Advisory (CSA).
Problem:
Active exploitation of multiple vulnerabilities against Zimbra Collaboration Suite (ZCS), an enterprise cloud-hosted collaboration software and email platform.
Implication:
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need:
We encourage organizations to review Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite for more information and apply the recommended mitigations.
Additional Resources:
CISA Bulletin: Threat Actors Exploiting Multiple Vulnerabilities Against Zimbra Collaboration Suite
https://www.cisa.gov/uscert/ncas/current-activity/2022/08/16/threat-actors-exploiting-multiple-vulnerabilities-against-zimbra
Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite:
https://www.cisa.gov/uscert/ncas/alerts/aa22-228a
________________________________
Zoom for Mac Vulnerability in the Wild
Situation:
A critical vulnerability in Zoom for Mac OS has been discovered.
Problem:
An auto-update vulnerability that could have allowed malicious programs to use its elevated installing priviledges.
Implication:
An attacker could exploit this vulnerability by granting them escalated privileges and control of the system.
Need:
We encourage organizations to update to the latest version of Zoom (Version 5.11.4 [7185] ) to fix the auto update issue.
Additional Resources:
Update Zoom for Mac now to avoid root-access vulnerability:
https://arstechnica.com/information-technology/2022/08/zoom-patches-mac-auto-updater-vulnerability-that-granted-root-access/
Latest Zoom update:
https://zoom.us/download#client_4meeting