Two brothers indicted for operating illegal sports streaming service that netted $7 million

An indictment unsealed Tuesday charged two brothers with several crimes related to their management of 247TVStream — an online subscription-based service that let users stream live sports and television shows.

Source: The Record from Recorded Future News

Risk Intelligence Startup RIIG Raises $3 Million

Risk intelligence and cybersecurity solutions provider RIIG has raised $3 million in a seed funding round led by Felton Group.

Source: SecurityWeek

CVE-2024-10924, authentication bypass vulnerability in WordPress

Bad news for companies using WordPress sites with a two-factor authentication mechanism implemented via the Really Simple Security plugin. The recently discovered CVE-2024-10924 vulnerability in this plugin allows a complete stranger to authenticate as a legitimate user. It’s therefore recommended to update the plugin as soon as possible.

What’s the danger of the CVE-2024-10924 vulnerability?

As ironic as it may sound, the CVE-2024-10924 vulnerability in the plugin called Really Simple Security has a CVSS rating of 9.8 and is classified as critical. In essence, it stems from an error in the authentication mechanism that lets an attacker log on to the site as any registered user, with that user’s privileges (even administrator rights). This can lead to the takeover of the website.

A proof of concept demonstrating exploitation of this vulnerability can already be found on GitHub. Moreover, its exploitation can apparently be automated. The researchers from Wordfence who discovered CVE-2024-10924 have called it the most dangerous vulnerability they’ve seen in 12 years of working in the field of WordPress security.

Who’s vulnerable to CVE-2024-10924?

Users of both paid and free versions of the Really Simple Security plugin starting from build 9.0.0 and ending with 9.1.1.1 are vulnerable. However, to exploit CVE-2024-10924, the plugin must have the two-factor authentication function enabled (it’s disabled by default, but many users choose this plugin specifically for this feature).

Thanks to the existence of a free version of the plugin, it’s extremely popular; researchers say that it’s installed on around four million sites.

How to stay safe

First of all, it’s recommended to update the plugin to version 9.1.2. If for some reason this isn’t possible, it’s worth disabling the two-factor authentication verification – but this is obviously not ideal since it weakens the security of your site. WordPress.org has enabled an automatic plugin update mechanism, but administrators are advised to go to the control panel and make sure that the plugin has been updated.

The plugin developer’s website also has a section with tips on updating it if the automatic update doesn’t work.

In addition, even if you promptly updated the plugin and at first glance didn’t notice any malicious activity on the site, it makes sense to carefully study the list of users with administrator rights – just to make sure there are no new unfamiliar entries there.
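
The checks described above (is the installed build inside the 9.0.0 to 9.1.1.1 range, is two-factor authentication enabled, and are there administrator accounts nobody recognizes) can be scripted for a fleet of sites. The following is an added example, not code from the article or the plugin developer; the user-record field names (`user_login`, `roles`, `user_registered`) are an assumed export format, and all sample data is constructed.

```python
"""CVE-2024-10924 triage sketch (added example; all sample data is constructed)."""

# Affected range as stated in the article: builds 9.0.0 through 9.1.1.1.
AFFECTED_MIN = (9, 0, 0, 0)
AFFECTED_MAX = (9, 1, 1, 1)


def parse_version(text, width=4):
    """'9.1.2' -> (9, 1, 2, 0); zero-padded so 3- and 4-part builds compare."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > width:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (width - len(parts)))


def plugin_status(version, two_factor_enabled):
    """Classify one site by plugin build and 2FA setting."""
    if not AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX:
        return "not affected"
    # The flaw is only reachable when the plugin's 2FA feature is enabled.
    return "exploitable: update now" if two_factor_enabled else "affected build: update"


def unfamiliar_admins(users, known_admins):
    """Administrator logins that are absent from the reviewed baseline."""
    flagged = []
    for user in users:
        roles = {r.strip() for r in user["roles"].split(",")}
        if "administrator" in roles and user["user_login"] not in known_admins:
            flagged.append((user["user_registered"], user["user_login"]))
    # Oldest registration first, so the review follows account creation order.
    return [login for _, login in sorted(flagged)]


# Constructed sample: a user export (field names are an assumption) and a baseline.
SAMPLE_USERS = [
    {"user_login": "alice", "roles": "administrator", "user_registered": "2021-03-02 10:00:00"},
    {"user_login": "bob", "roles": "editor", "user_registered": "2022-07-19 08:30:00"},
    {"user_login": "wpsupport7", "roles": "administrator", "user_registered": "2024-11-16 03:12:44"},
]
KNOWN_ADMINS = {"alice"}

if __name__ == "__main__":
    for build, tfa in [("9.0.0", True), ("9.1.1.1", False), ("9.1.2", True)]:
        print(build, "2FA on" if tfa else "2FA off", "->", plugin_status(build, tfa))
    print("review:", unfamiliar_admins(SAMPLE_USERS, KNOWN_ADMINS))
```

An account flagged by `unfamiliar_admins` is a prompt for manual review, not proof of compromise; the baseline has to come from a list of administrators someone has actually verified.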

Source: Kaspersky official blog

ANY.RUN Sandbox Now Automates Interactive Analysis of Complex Cyber Attack Chains

Dubai, United Arab Emirates, 20th November 2024, CyberNewsWire

Source: Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News

Hackers Exploit Misconfigured Jupyter Servers for Illegal Sports Streaming

Aqua Nautilus’ research reveals hackers are leveraging vulnerable and misconfigured Jupyter Notebook servers to steal live sports streams.…

Source: Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News

Small US Cyber Agencies Are Underfunded & That’s a Problem

If the US wants to maintain its lead in cybersecurity, it needs to make the tough funding decisions that are demanded of it.

Source: darkreading

Apple Rolls Out Urgent Security Updates to Address Actively Exploited Zero-Day Vulnerabilities

Apple has released a new security update to address two zero-day vulnerabilities that have been actively exploited in the wild. The update, released on November 19, 2024, affects iOS, iPadOS, macOS, visionOS, and the Safari browser and is part of Apple’s ongoing efforts to protect its users from increasingly sophisticated cyber threats.

The vulnerabilities, identified in JavaScriptCore and WebKit, are serious: they could allow maliciously crafted web content to execute arbitrary code or carry out cross-site scripting (XSS) attacks.

Apple was alerted to the potential for active exploitation of these flaws, particularly on Intel-based Mac systems, which prompted the urgent release of Apple Security Updates and Rapid Security Responses to address the issues immediately.

Details of the Apple Security Update

The updates address two vulnerabilities in the WebKit and JavaScriptCore components, both of which are essential for web content processing on Apple devices.

These flaws could allow attackers to run arbitrary code or inject harmful scripts into web pages viewed through Apple’s browser technologies. If exploited, these vulnerabilities could compromise the security and privacy of users, putting them at risk.

  • CVE-2024-44308, identified by security researchers Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group, is the most critical of the two issues. It relates to a problem in WebKit, Apple’s open-source web browser engine, which could allow malicious web content to lead to arbitrary code execution on affected devices.
  • A second vulnerability in WebKit concerns cookie management, which could enable cross-site scripting attacks. The flaw could allow an attacker to manipulate cookies, potentially stealing sensitive user data or performing malicious actions under the guise of trusted websites.

These issues have been addressed with patches designed to improve the state management and verification processes in both JavaScriptCore and WebKit, blocking any attempts to exploit these vulnerabilities.

Apple’s Security Response

In keeping with its policy of prioritizing user safety, Apple did not confirm the details of these vulnerabilities until it had thoroughly investigated the issues and deployed updates. The company typically follows a strict protocol when it comes to security matters, releasing fixes only after extensive testing to ensure that the vulnerabilities are adequately addressed.

As part of the release process, Apple has rolled out Apple Security Updates for a range of devices, including the iPhone, iPad, Mac, and Apple Vision Pro. The following updates were released on November 19, 2024:

  • Safari 18.1.1 for macOS Ventura and macOS Sonoma: This update fixes the issue in JavaScriptCore and WebKit, ensuring that maliciously crafted web content can no longer execute arbitrary code on affected systems.
  • visionOS 2.1.1 for Apple Vision Pro: This update addresses the same vulnerabilities affecting macOS devices, ensuring the security of Apple’s newest AR headset.
  • iOS 18.1.1 and iPadOS 18.1.1: These updates apply to a wide range of devices, including the iPhone XS and later, iPad Pro 13-inch, iPad Air 3rd generation, and newer models.
  • iOS 17.7.2 and iPadOS 17.7.2: These updates also address the critical vulnerabilities for earlier versions of iPhones and iPads, extending the security patch to models as old as the iPhone XS and iPad 6th generation.
  • macOS Sequoia 15.1.1: This security patch was issued for the latest macOS Sequoia and addresses the vulnerabilities in JavaScriptCore and WebKit.

Impacts and Risks

The vulnerabilities targeted by these updates are serious, as they could allow attackers to exploit unpatched devices in order to take control of systems, steal data, or disrupt operations. Apple’s proactive release of security updates and Rapid Security Responses is aimed at mitigating these risks by providing users with timely protection against active exploitation. The company has stressed that these vulnerabilities were actively being used in the wild, making it crucial for users to install the updates as soon as possible.

Apple’s commitment to vulnerability updates and security releases underscores the company’s ongoing effort to secure its products against evolving threats. The rapid rollout of patches is part of Apple’s broader strategy to ensure that its devices remain secure, even as cybercriminals develop increasingly sophisticated attack techniques.

How Users Can Stay Protected

To stay protected, users are encouraged to install the latest updates as soon as they are available. These updates are critical not only for closing the immediate vulnerabilities but also for ensuring long-term device security. Apple has made it easy to check for updates by navigating to the Settings app on iOS or iPadOS devices or through the System Preferences or Software Update sections on macOS.

Apple’s detailed security documentation, available on its website, provides insights into each security update and the specific vulnerabilities addressed. The company also advises users to be cautious about visiting suspicious websites or downloading content from untrusted sources, as these are common vectors for exploitation.

Source: Blog – Cyble

Twine Snags $12M for AI-Powered ‘Digital Employees’ Tech

Twine and its investors are betting on the idea of AI-powered “digital cyber employees” to handle mundane but critical security tasks.

Source: SecurityWeek

Update your iPhone, iPad, and Mac now to patch these serious zero-day security flaws

The emergency updates resolve two zero-day flaws that may have already been exploited in the wild.

Source: Latest stories for ZDNET in Security

How Bitcoin’s digital signature feature facilitates Web3 adoption 

Bitcoin is a pioneer in technological advancement and decentralization. As its creator states in the white paper, peer-to-peer…

Source: Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News