SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Apple releases patches for iPad OS, iOS
Description: Apple released security updates for iPhones, iPads and Mac desktops last week, warning of two security vulnerabilities that attackers were actively exploiting in the wild. The two security issues exist in WebKit, the browser engine for Safari and other Apple apps. Apple said an attacker could exploit these vulnerabilities if a targeted device accessed attacker-created content that could lead to code execution, while another attack could lead to arbitrary code execution with kernel privileges. The flaws affect iOS, iPadOS and macOS Monterey, especially older models of the iPhone and iPad.
References: https://techcrunch.com/2022/08/17/iphone-ipad-mac-zero-days/
Snort 3 SIDs: 300244
Title: Cisco patches high-severity vulnerability in AsyncOS
Description: Cisco released patches for a high-severity vulnerability in AsynchOS for Cisco Secure Web Appliance. CVE-2022-20871 exists because the software improperly validates user input from the web interface. An attacker could exploit this vulnerability by authenticating to the targeted system and then elevating their privileges to root. However, the attacker first needs to acquire appropriate read-only credentials. Cisco stated in a security advisory that is not aware of any exploitation attempts of this in the wild.
References:
- https://www.securityweek.com/cisco-squashes-high-severity-bug-web-protection-solution
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8
Snort SIDs: 60424 - 60427