Shutterstock
Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.
Below,
IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.
Emergency Apple updates patch exploited zero-days
Three vulnerabilities could give attackers full control of their target Apple devices, and must be patched immediately
Share this item with your network: By Published: 27 Jan 2021 11:15
Apple has rushed an emergency patch for three zero-day exploits in iOS 14.4 and iPadOS 14.4, disclosed to it by anonymous security researchers, that are already being actively exploited in the wild.
The three vulnerabilities, assigned CVEs 2021-1782, 2021-1871 and 2021-1870 all affect the Apple iPhone 6s and later, the iPad Air 2 and later, the iPad mini 4 and later, and the 7
th generation iPod Touch. Users of these devices are urged to apply the patches as soon as possible.
Breaking: SonicWall VPN Products Hacked Using Zero-Day Vulnerability texasguardian.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from texasguardian.com Daily Mail and Mail on Sunday newspapers.
SonicWall investigates SMA 100 Series appliances for zero-day vulnerabilities after attack
SonicWall has identified a coordinated attack on its internal systems by highly sophisticated threat actors
SonicWall is investigating SMA 100 Series for zero-day vulnerabilities
To continue reading.
Don t have an account?
Computing helps IT leaders to make technology a revenue and innovation engine for their businesses. Our unique package of news and analysis enables you to discover what the smartest minds in the industry are doing and scan the horizon for what’s next
REAL-TIME NEWS AND ANALYSIS: find out what’s happening and why in the technology space including news on your competitors and regulators – delivered to your desktop or mobile in a daily newsletter
In a statement published Jan. 22, SonicWall officials wrote they detected an attack by highly sophisticated threat actors exploiting probably zero-day vulnerabilities on certain SonicWall secure remote access products.
As of Jan. 23, the company has confirmed its SonicWall Firewalls, NetExtender VPN Client, Secure Mobile Access (SMA) 1000 Series, and SonicWave Access Points were not affected in the recent attack. The SMA 100 Series, used to provide employees with remote access to internal resources, is under investigation but may be used safely in common deployment use cases.
Current SMA 100 series users may continue to use NetExtender for remote access, a use case the company has determined is not susceptible to exploitation. Admins for the SMA 100 series are advised to create specific access rules while investigation of the vulnerability is underway. SonicWall suggests using a firewall to allow only SSL-VPN connections to the SMA from known IP addresses, or to configure w