Problematic Zero-Day Apple Patch
by Artie Kaye
An update released for Rapid Security Devices was preventing Safari to be recognized as a valid browser. The patch has been removed from availability, and a new patch will be available soon from the company. The workaround offered by the company is to disable and remove the software until the new version is made available.
The specific affected software versions are:
- Rapid Security Response iOS 16.5.1 (a)
- iPadOS 16.5.1 (a)
- macOS Ventura 13.4.1 (a)
Edit: New patches have been released, marked as (c), and these patches should be applied immediately. More details from Apple can be found here: https://support.apple.com/en-us/HT213823 and https://support.apple.com/en-us/HT213825
Third-Party references:
Click the links below to learn more details. (Opens in a new tab/window.)
Office Zero-Day
by Artie Kaye
Microsoft informed the public of an active exploit they are working to fix. The flaw could severely compromise targeted devices, granting high levels of access. The initial staging requires a user on the device to open an infected Office file. The mitigations include having Defender for Office active and preventing Office from creating child processes. A third option requires registry editing, which would be best deferred to your technical support team.
As with many attacks, it can only be successful with initial user interaction. A friendly reminder to not open files from untrusted sources and to scan incoming files before opening them.
Third-Party references:
Click the links below to learn more details. (Opens in a new tab/window.)