Chrome, Ivanti, and Citrix: Weekly Vulnerability Review for 1/22/24

Spread the love



This week’s cybersecurity news brings attention to several vulnerabilities, including issues with GitHub credentials, a new Chrome fix, and hidden malware in pirated apps. Both Citrix and Ivanti are facing challenges with vulnerabilities in their products. The content also highlights the detection of nine vulnerabilities in an open source UEFI implementation and the discovery of malware in pirated macOS applications on Chinese websites.

First, the PixieFAIL vulnerabilities in the UEFI implementation pose a risk of remote code execution, denial of service attacks, and session hijacking. The CVEs in the Citrix NetScaler appliances allow for remote code execution and denial of service attacks, while the Ivanti Endpoint Manager Mobile and MobileIron Core are susceptible to an authentication bypass vulnerability. Google has fixed Chrome vulnerabilities related to out-of-bounds write, memory access, and type confusion.

GitHub has rotated credentials to address a vulnerability that could have exposed access to production container credentials. Users are advised to download new public commitment signature keys. Citrix recommends updating to the latest versions of their products to address the discovered vulnerabilities. Ivanti urges users to update to the latest version of Endpoint Manager Mobile to mitigate the authentication bypass issue. Additionally, Jamf Threat Labs discovered malware hidden in pirated macOS applications on Chinese websites, posing a threat to users who download such pirated apps.

To protect against these vulnerabilities and attacks, organizations and users are advised to regularly review software and hardware updates for patches, keep a close eye on network equipment, and avoid downloading pirated applications from unreliable websites. Ensuring that systems are up-to-date with security patches and implementing best practices for cybersecurity can help mitigate the risks associated with these vulnerabilities and malware threats.

In conclusion, staying informed about the latest cybersecurity threats and taking proactive measures to secure systems and networks can help prevent unauthorized access, data breaches, and other security incidents. By following recommended security practices and keeping software and hardware updated, organizations and users can reduce their exposure to vulnerabilities and protect their sensitive information from cyber threats.

Article Source
https://www.esecurityplanet.com/threats/vulnerability-recap-january-22-2024/