Atlassian, Apple warn customers of zero-days used in attacks

Jason Macuray
Two tech giants are warning their customers about zero-day vulnerabilities being exploited in attacks.

Two tech giants are warning their customers about zero-day vulnerabilities being exploited in attacks.

Apple published a terse advisory on Wednesday about CVE-2023-42824 – a vulnerability affecting iPhone XS and later as well as several versions of the iPad Pro and Air.

“A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6,” said Apple, which released an emergency fix for the issue.

The advisory also adds a note about CVE-2023-5217, another bug sourced back to the libvpx video codec library. Like another issue discovered last month, the vulnerability affects a media processing tool embedded within browsers.

The Cybersecurity and Infrastructure Security Agency (CISA) warned on Monday that hackers are exploiting it and several browser makers have said their products are affected by it — including Google’s Chrome browser, Mozilla’s Firefox, Microsoft’s Edge and more.

Besides browsers, the code can be found in many other internet-based platforms, but it is unclear whether the vulnerability affects anything beyond browsers.

Google researchers first published information about the bug last week and said it was being exploited by unnamed commercial spyware vendors. Google said it was keeping information about the bug restricted so that users had a chance to install a fix.

Initially the flaw only appeared to affect Google products, but other browser makers identified the same problem, with Mozilla publishing its own advisory that rated CVE-2023-5217 as critical.

Atlassian attacks

Australian software giant Atlassian also released an advisory Wednesday on an issue with its Confluence Data Center and Server product. The company rated the vulnerability critical – the highest possible rating they have.

In a statement to Recorded Future News, a spokesperson for the company said Atlassian was recently made aware of CVE-2023-22515 and released a patch addressing it.

“Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances,” they said.

“Atlassian Cloud sites are not impacted by this vulnerability. We have provided customers with details of affected versions, mitigation steps required and threat detection actions in our Critical Security Advisory.”

The company urged customers to not only upgrade to the fixed version but also have security teams look through the provided indicators of compromise to see if exploitation occurred.

Several Atlassian vulnerabilities have been widely exploited by hackers in the past, with at least one topping CISA’s list of the top 15 routinely exploited vulnerabilities in 2021.

BriefsCybercrimeTechnology
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Privacy nonprofit calls on FTC to investigate Grindr’s data practices

Next Post

Suspected China-linked hackers target Guyana government with new backdoor

Related Posts

How Attackers Can Own a Business Without Touching the Endpoint

Attackers are increasingly making use of “networkless” attack techniques targeting cloud apps and identities. Here’s how attackers can (and are) compromising organizations – without ever needing to touch the endpoint or conventional networked systems and services.  Before getting into the details of the attack techniques being used, let’s discuss why
Avatar
Read More

Webinar: Learn Proactive Supply Chain Threat Hunting Techniques

In the high-stakes world of cybersecurity, the battleground has shifted. Supply chain attacks have emerged as a potent threat, exploiting the intricate web of interconnected systems and third-party dependencies to breach even the most formidable defenses. But what if you could turn the tables and proactively hunt these threats before they wreak havoc? We invite you to join us for an
Avatar
Read More