Security Roundup July 2023
July 2023: the industry mourns the loss of Kevin Mitnick. Apple, Citrix, MobileIron and OpenSSH all disclose critical zero-day vulnerabilities, and is it GameOver for Ubuntu?
This month, the security industry lost one of its most famous former black hat hackers and a deluge of actively exploited zero-day vulnerabilities created work for IT admins around the globe!
Kevin Mitnick (1963 – 2023)
Kevin Mitnick, a renowned figure in the cyber security industry, passed away on the 16th of July, aged 59. Mitnick’s journey, from a troubled past as a hacker once labelled ‘the world’s most wanted hacker’ to a transformative advocate for ethical practices, left an indelible mark on the industry. His social engineering and penetration testing expertise shaped modern cyber security. He was also the author of numerous influential books, such as ‘Ghost in the Wires’ and ‘The Art of Invisibility’. He leaves behind his wife, Kimberley, their unborn child and a massive legacy in our industry.
Zero-Days. Zero-Days, Everywhere!
Numerous actively exploited zero-day vulnerabilities were identified this month, impacting Apple, Citrix, Ivanti MobileIron and OpenSSH. Two privilege escalation vulnerabilities in the OverlayFS module in Ubuntu were also disclosed, affecting 40% of Ubuntu cloud workloads.
Apple rushed out security updates for zero-day flaws that are being actively exploited in iOS, iPadOS, macOS, tvOS, watchOS and Safari. Researchers at Kaspersky identified that the spyware used in Operation Triangulation actively exploits these flaws.
On the 18th of July, Citrix disclosed that Citrix Netscaler ADC and Gateway servers are vulnerable to attacks exploiting a critical remote code execution vulnerability. Attackers are actively exploiting this vulnerability to install webshells on affected devices. The supplier has released updates for the impacted systems.
An actively exploited authentication bypass has been patched in Ivanti Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core). Whilst the company is keeping relatively tight-lipped about the vulnerability, the Norwegian National Security Authority announced that the exposure impacted 12 government ministries.
Qualys Threat Research has discovered a remote code execution vulnerability in OpenSSH’s forwarded ssh-agent. This vulnerability could allow an attacker to run arbitrary commands on vulnerable systems using OpenSSH before 9.3p2 under certain conditions. OpenSSH is a popular tool for remotely managing firewalls, routers and Linux servers. Users of OpenSSH are advised to update as soon as possible.
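As an added defender-side check (example code, not from the original post or from OpenSSH), the script below reads an OpenSSH version banner and an ssh_config fragment and flags a client older than 9.3p2 or one with agent forwarding switched on; the banner and config it runs against are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post): two client-side checks for the
# OpenSSH ssh-agent issue the roundup describes. Inputs are plain text, so the
# script runs offline; the sample banner and config below are constructed.

# Parse a portable-OpenSSH banner such as "OpenSSH_9.2p1 Debian-2, ..." into
# "major minor patch"; prints nothing for banners it does not recognise.
openssh_version_parts() {
  printf '%s\n' "$1" |
    sed -n 's/^OpenSSH_\([0-9]\{1,\}\)\.\([0-9]\{1,\}\)p\([0-9]\{1,\}\).*/\1 \2 \3/p'
}

# Exit 0 when the banner is older than 9.3p2, 1 when it is 9.3p2 or newer,
# 2 when the banner is not recognised. Caveat: distributions backport fixes
# without changing the banner, so 0 means "confirm against the vendor
# advisory", not "definitely vulnerable".
openssh_before_9_3p2() {
  set -- $(openssh_version_parts "$1")
  [ $# -eq 3 ] || return 2
  [ "$1" -lt 9 ] && return 0
  [ "$1" -gt 9 ] && return 1
  [ "$2" -lt 3 ] && return 0
  [ "$2" -gt 3 ] && return 1
  [ "$3" -lt 2 ] && return 0
  return 1
}

# Exit 0 when the ssh_config text enables agent forwarding ("ForwardAgent yes",
# also written "ForwardAgent=yes"). Comments are stripped first; ssh_config
# keywords and "yes" are case-insensitive. A socket path as the value (accepted
# by newer OpenSSH) is not flagged here.
forward_agent_enabled() {
  printf '%s\n' "$1" | sed 's/#.*//' |
    grep -iq '^[[:space:]]*ForwardAgent[[:space:]=]\{1,\}yes[[:space:]]*$'
}

# Prints one finding per check; exits 0 if anything was flagged.
audit_openssh_client() {
  flagged=1
  if openssh_before_9_3p2 "$1"; then
    echo "OpenSSH banner older than 9.3p2: confirm the vendor fix is applied"
    flagged=0
  fi
  if forward_agent_enabled "$2"; then
    echo "agent forwarding enabled: the remote host can use the forwarded agent"
    flagged=0
  fi
  return $flagged
}

# Constructed sample inputs; on a real host use "$(ssh -V 2>&1)" and the
# contents of ~/.ssh/config or /etc/ssh/ssh_config.
SAMPLE_BANNER='OpenSSH_9.2p1 Debian-2, OpenSSL 3.0.9 30 May 2023'
SAMPLE_CONFIG='Host jump
    HostName jump.example.invalid
    ForwardAgent yes   # convenient, but exposes the agent to the jump host'

audit_openssh_client "$SAMPLE_BANNER" "$SAMPLE_CONFIG"
```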
Ubuntu OverlayFS module: CVE-2023-2640 and CVE-2023-32629
Researchers at Wiz have identified flaws in Ubuntu’s modifications to OverlayFS. These flaws allow the creation of executables which can escalate privileges to root on affected systems. Ubuntu have released fixes for vulnerable versions.
If you need any advice on this issue or any other cyber security subjects, please contact Protos Networks.
Email: [email protected]
Tel: 0333 370 1353