A critical vulnerability in Ivanti’s Cloud Service Appliance (CSA) has been actively exploited. The flaw, tracked as CVE-2024-8190, allows attackers to gain unauthorized access to sensitive data and execute arbitrary commands on vulnerable systems. It exists in the CSA’s authentication mechanism and can be exploited by attackers who can send specially crafted requests to the CSA, which lets them bypass the CSA’s security measures and gain access to the underlying operating system. The vulnerability has been exploited in the wild by a suspected nation-state adversary, and there are strong indications that China is behind the attacks. Organizations using Ivanti CSA should prioritize patching the vulnerability immediately to reduce their risk of compromise.
Qualcomm released its monthly security bulletin in October 2024, addressing numerous vulnerabilities impacting its proprietary software and open-source components. Notably, one critical vulnerability in Qualcomm’s proprietary software and another in open-source components are actively exploited in the wild. The vulnerabilities impact Snapdragon mobile platforms and FastConnect solutions, posing a significant risk to system integrity and potentially allowing attackers to execute arbitrary code on affected devices. CVE-2024-43047, a high-severity Use-After-Free flaw in the DSP Service, has been confirmed to be under limited, targeted exploitation. Qualcomm has provided patches for this vulnerability, urging immediate deployment to mitigate the risk. CVE-2024-33066, another critical vulnerability in the WLAN Resource Manager, could lead to memory corruption and remote code execution (RCE), potentially allowing attackers to fully compromise the device. This vulnerability arises from improper input validation, making it crucial for users with affected devices to update their Snapdragon components to the latest firmware version as soon as possible.
Qualcomm has issued a security bulletin addressing multiple vulnerabilities affecting its products, including a critical vulnerability, CVE-2024-43047, that has been actively exploited in targeted attacks. The vulnerability resides within the FASTRPC driver, a critical component responsible for device communication processes. Exploitation of this vulnerability could lead to remote code execution, granting attackers control over affected devices and access to sensitive data. This underscores the importance of prompt patching and shows how exposed device communication processes are to malicious actors. Original equipment manufacturers (OEMs) have received patches to address this vulnerability and are strongly encouraged to implement these updates without delay. Users should also contact their device manufacturers for specific patch details and guidance to ensure their devices are protected.