Kyle Alspach
The tech giants this week disclosed new vulnerabilities that they said have been exploited in cyberattacks.
The Latest Zero Days
While the stream of newly discovered vulnerabilities in software is never-ceasing, some vulnerabilities are more serious than others, of course. Generally, vulnerabilities that are already being actively exploited are considered a priority for vendors to fix and for users to update. And as disclosures of exploited zero-day vulnerabilities go, this was a busy week. Two titans of the industry, Apple and Microsoft, revealed zero-day vulnerabilities this week affecting their widely used products, and said there’s reason to believe the flaws have been exploited. The exploited Apple zero-day vulnerability affects iPhones, Macs and iPads, while the three exploited Microsoft zero-day vulnerabilities impact Office and Windows.
Apple released fixes for its vulnerability on Monday, while Microsoft released a patch for the Office and Windows zero-day vulnerabilities on Tuesday as part of its monthly release of bug fixes, popularly known as “Patch Tuesday.”
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released advisories urging updates for both the Apple and Microsoft vulnerabilities, saying that in both cases, attackers could exploit the flaws to “take control” of an affected device or system.
When it comes to the ongoing issue of needing to address vulnerabilities in software, the key for organizations is to get a handle on what the actual business impact will be from any given vulnerability — and then prioritize accordingly, according to Brad Davenport, vice president of technical architecture for cybersecurity, networking and collaboration at Logicalis US. “It’s a constant prioritization game to determine what ultimately is the business impact, and then to really prioritize those things,” he said.
Often, however, the fact that a vulnerability is being actively exploited is a signal that updates should come sooner rather than later.
What follows are details on the latest zero-day vulnerabilities from Apple and Microsoft.