This week has brought a slew of security issues for system administrators and power users, impacting a variety of systems and networks. Intel Raptor Lake and Alder Lake systems are vulnerable to a new branch prediction attack called Indirector, resulting in potential performance impacts after applying a fix. Linux users are also at risk from the regresSSHion vulnerability, which exploits a race condition in sshd to grant attackers root privileges on glibc-based Linux systems. Additionally, AMD and newer Intel users running Windows may be affected by a zero-day attack targeting Cisco Nexus switches, posing a threat to internet traffic security.
Apple users have not been spared either, with vulnerabilities in CocoaPods, an open source dependency manager used to manage millions of apps. A migration in 2014 left behind abandoned apps and Pods that could be claimed by malicious actors, allowing them to inject malware into apps. There was also a 10 out of 10 attack associated with the authentication process, which exposed a vulnerability on a backbone server used to send verification links to devices, potentially leading to the spread of malware.
Overall, the security landscape is fraught with challenges for system administrators and power users, highlighting the importance of staying vigilant and applying patches promptly to mitigate potential risks.
Article Source
https://pcper.com/2024/07/insecurity-corner-bonanza-intel-linux-cisco-and-apple-all-unwillingly-participate/
