In this week's Security Advisory:
- Proof-of-Concept available for Citrix Session Recording Vulnerability
- BeyondTrust Patches Critical Command Injection Vulnerability
- Apple Releases New Updates to iOS and macOS
Proof-of-Concept available for Citrix Session Recording Vulnerability
A Proof-of-Concept is now available for two Citrix Session Recording vulnerabilities, CVE-2024-8068 (CVSS 5.1/10) and CVE-2024-8069 (CVSS 5.1/10). The first vulnerability can allow an authenticated user to escalate their privileges to administrative access. The second vulnerability allows a user to execute code remotely against the application. Exploitation in the wild has not been confirmed yet, but upgrading urgently is recommended to mitigate that risk.
Affected Versions
- A full list of affected versions can be found here.
More Reading/Information
- https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/
- https://isc.sans.edu/diary/Exploit+attempts+for+unpatched+Citrix+vulnerability/31446
BeyondTrust Patches Critical Command Injection Vulnerability
BeyondTrust has released a patch for a critical severity vulnerability, CVE-2024-12356 (CVSS 9.8/10), in its Privileged Remote Access (PRA) and Remote Support (RS) products. This vulnerability can allow a remote, unauthenticated user to execute commands on the underlying OS. BeyondTrust announced that the patch has been pushed to customers with cloud hosting, but could not be pushed to all customers with an on-premise solution, since some do not have automatic updates enabled. This vulnerability has been exploited in the wild.
Affected Versions
- Privileged Remote Access (PRA) 24.3.1 and earlier.
- Remote Support (RS) 24.3.1 and earlier.
More Reading/Information
- https://www.beyondtrust.com/trust-center/security-advisories/bt24-10
- https://www.securityweek.com/beyondtrust-patches-critical-vulnerability-discovered-during-security-incident-probe/
Apple Releases New Updates to iOS and macOS
Apple has announced updates to a variety of its products addressing forty-eight (48) new vulnerabilities. Many of these vulnerabilities could allow for arbitrary code execution. Currently, there are no reports of these vulnerabilities being exploited in the wild.
Affected Versions
- Versions before Safari 18.2.
- Versions before iOS 18.2 and iPadOS 18.2.
- Versions before iPadOS 17.7.3.
- Versions before macOS Sequoia 15.2.
- Versions before macOS Sequoia 14.7.2.
- Versions before macOS Ventura 13.7.2.
- Versions before watchOS 11.2.
- Versions before tvOS 18.2.
- Versions before visionOS 2.2.
More Reading/Information
- https://support.apple.com/en-us/100100
- https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-apple-products-could-allow-for-arbitrary-code-execution_2024-138
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only, which dramatically increases the likelihood that a patch is issued for new vulnerabilities. Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which informs and supports your patch and vulnerability management program.
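As an added example (not part of the Cybersafe advisory, and not vendor code), the checker below encodes the affected-version ranges listed above and classifies a software inventory against them. The hostnames, the sample inventory and the product name strings are constructed for illustration. It handles the two edge cases these lists raise: "24.3.1 and earlier" is an inclusive bound while "before 18.2" is not, and Apple ships separate fixes per release branch (iPadOS 17.7.3 alongside 18.2, macOS 13.7.2 / 14.7.2 / 15.2), so an installed version must be compared against the fix for its own major version rather than the newest one.

```python
"""Check a software inventory against the affected-version ranges in this advisory.

Added example (not part of the advisory). Product names and the sample
inventory below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional


def parse_version(text: str) -> tuple:
    """Turn '18.2' into (18, 2). A non-numeric suffix such as the '-hotfix'
    in '24.3.1-hotfix' is ignored from the first non-digit onwards."""
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1. Components are zero-padded so that 18.2.0 == 18.2,
    which a plain tuple comparison would get wrong ((18, 2) < (18, 2, 0))."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    va += (0,) * (width - len(va))
    vb += (0,) * (width - len(vb))
    return (va > vb) - (va < vb)


@dataclass(frozen=True)
class AffectedRange:
    product: str
    bound: str             # the version the advisory names
    inclusive: bool        # True: "bound and earlier"; False: "before bound"
    branch: Optional[int]  # major version this entry covers; None = any

    def covers_branch(self, version: str) -> bool:
        return self.branch is None or parse_version(version)[:1] == (self.branch,)

    def is_affected(self, version: str) -> bool:
        c = compare_versions(version, self.bound)
        return c < 0 or (self.inclusive and c == 0)


# Affected-version entries transcribed from the advisory above.
ADVISORY = [
    AffectedRange("BeyondTrust Privileged Remote Access", "24.3.1", True, None),
    AffectedRange("BeyondTrust Remote Support", "24.3.1", True, None),
    AffectedRange("Safari", "18.2", False, 18),
    AffectedRange("iOS", "18.2", False, 18),
    AffectedRange("iPadOS", "18.2", False, 18),
    AffectedRange("iPadOS", "17.7.3", False, 17),
    AffectedRange("macOS", "15.2", False, 15),
    AffectedRange("macOS", "14.7.2", False, 14),
    AffectedRange("macOS", "13.7.2", False, 13),
    AffectedRange("watchOS", "11.2", False, 11),
    AffectedRange("tvOS", "18.2", False, 18),
    AffectedRange("visionOS", "2.2", False, 2),
]


def assess(product: str, version: str) -> str:
    """Classify one installed version against the advisory."""
    entries = [r for r in ADVISORY if r.product == product]
    if not entries:
        return "not in advisory"
    on_branch = [r for r in entries if r.covers_branch(version)]
    if not on_branch:
        # e.g. iPadOS 16.x: no fix is listed for that branch, which usually
        # means the branch is no longer vendor-supported and needs a migration.
        return "no fix listed for this branch"
    if any(r.is_affected(version) for r in on_branch):
        return "affected"
    return "patched"


# Constructed sample inventory: (hostname, product, installed version).
INVENTORY = [
    ("jump01", "BeyondTrust Remote Support", "24.3.1"),
    ("jump02", "BeyondTrust Privileged Remote Access", "24.3.2"),
    ("mac-042", "macOS", "14.7.1"),
    ("mac-017", "macOS", "15.2"),
    ("ipad-07", "iPadOS", "17.7.3"),
    ("ipad-11", "iPadOS", "16.7.10"),
    ("srv-db1", "PostgreSQL", "16.4"),
]


def findings(inventory=INVENTORY) -> list:
    """Return (host, product, version, status) for every inventory row."""
    return [(h, p, v, assess(p, v)) for h, p, v in inventory]


if __name__ == "__main__":
    for host, product, version, status in findings():
        print(f"{host:10} {product:40} {version:10} {status}")
```

Feeding the output of an actual asset inventory into INVENTORY is the only change needed to use this against a real environment; the "no fix listed for this branch" status is worth treating as seriously as "affected", since it flags software outside the vendor-supported versions the recommendation above refers to.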