In this week's Security Advisory:
Fortinet has released multiple advisories detailing eighteen new vulnerabilities affecting various products, eight of which are high severity. The high-severity vulnerabilities include an XSS flaw, remote code execution, privilege escalation, and sensitive data exposure. The medium-severity vulnerabilities can also lead to code execution, command execution, arbitrary file writes, and bypasses of web firewall protections. Fortinet stated that most of these vulnerabilities were found internally and that it has seen no evidence of exploitation in the wild.
Microsoft announced patches for fifty-seven vulnerabilities, including six zero-day vulnerabilities, all of which are being exploited in the wild. Taken together, the vulnerabilities can lead to remote code execution, privilege escalation, denial of service, spoofing, and security feature bypasses. Patching these vulnerabilities should be treated as a priority.
Apple released a patch for CVE-2025-24201 this week. This zero-day vulnerability affects the WebKit browser engine and allows a threat actor to craft malicious web content that breaks out of the Web Content sandbox. This vulnerability has been exploited against users running earlier iOS versions.
Google has released an updated Chrome browser version that addresses fourteen new vulnerabilities. Successful exploitation of these can lead to code execution.
Adobe has released patches for thirty-five vulnerabilities across different products. Multiple vulnerabilities were flagged as critical, and Adobe warned that successful exploitation could lead to arbitrary code execution and memory leaks.
Zoom released patches for five new vulnerabilities. Three of these can be exploited by an authenticated attacker with network access to escalate privileges.
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only, which dramatically increases the likelihood that a patch is issued for newly discovered vulnerabilities. Likewise, Cybersafe strongly encourages maintaining an inventory of the software currently deployed in your environment, which informs and strengthens your patch and vulnerability management program.