The Latest Zero-Day Vulnerabilities From Apple, Microsoft

Abraham Smith

Security News

Kyle Alspach

The tech giants this week disclosed new vulnerabilities they said were being exploited in cyberattacks.

The Last Zero Days

While the stream of newly discovered software vulnerabilities never stops, some vulnerabilities are of course more serious than others. In general, vulnerabilities that are already being actively exploited are considered a priority for vendors to fix and for users to update. And as far as zero-day exploited vulnerability disclosures go, it’s been a busy week. Two industry titans, Apple and Microsoft, this week revealed zero-day vulnerabilities affecting their widely deployed products and say there is reason to believe the vulnerabilities have been exploited. Apple’s exploited zero-day vulnerability affects iPhones, Macs, and iPads, while the three exploited zero-day vulnerabilities affect Microsoft Office and Windows.

[Related: US Agency Urges Deployment Of Apple’s Updates For iPhones, Macs]

Apple released fixes for its vulnerability on Monday, while Microsoft released a patch for Office and Windows’ zero-day vulnerabilities on Tuesday as part of its monthly bug fix release, popularly known as “Patch Tuesday.”

The US Cybersecurity and Infrastructure Security Agency (CISA) this week released advisories calling for updates to Apple and Microsoft vulnerabilities, saying that in both cases attackers could exploit the vulnerabilities to “take control” of a affected device or system.

When it comes to the ongoing problem of the need to remediate software vulnerabilities, the key for organizations is to get a handle on the actual business impact of a given vulnerability — and then prioritize accordingly, according to Brad Davenport, vice president of technical vulnerabilities Cybersecurity, Connectivity and Collaboration Architecture at Logicalis US. “It’s a constant prioritization game to determine what the ultimate business impact is and then really prioritize those things,” he said.

Often, however, the fact that a vulnerability is being actively exploited is a signal that updates should come sooner rather than later.

What follows are details on the latest zero-day vulnerabilities from Apple and Microsoft.

Learn more about Kyle Alspach

Kyle Alspach

Kyle Alspach is a senior editor at CRN specializing in cybersecurity. Its coverage includes news, analysis and deep insights into the cybersecurity industry, with a focus on fast-growing segments such as cloud security, application security and identity security. He can be reached at [email protected].


Source

Leave a Reply

Your email address will not be published. Required fields are marked *