Curated Content | Thought Leadership | Technology News

Zero-Day Vulnerabilities in Apple, Fortra, and Atlassian Trigger Security Warnings

Federal agencies have two weeks to patch
Kelsey Brandt
Contributing Writer

In recent days, the cybersecurity community has been alarmed by a spate of new vulnerabilities affecting products from several major technology companies, including Apple, Atlassian, Fortra, and others. These vulnerabilities, which have been exploited by cybercriminals and potentially nation-state actors, pose significant threats to digital security and infrastructure. The Cybersecurity and Infrastructure Security Agency (CISA) along with other cybersecurity experts have issued warnings about these vulnerabilities, emphasizing their severity and the urgency of addressing them. This includes a notable zero-day vulnerability in Apple products, which is the first such issue announced by Apple in 2024, following a year where the company patched 20 zero-days.

Why it matters: The identification and exploitation of these vulnerabilities represent a critical concern for cybersecurity worldwide. They affect widely-used products and systems, exposing a vast array of users and organizations to potential cyber attacks. The implications of these vulnerabilities range from unauthorized access and data breaches to more severe scenarios like ransomware attacks and espionage.

  • Apple Vulnerability (CVE-2024-23222): Apple disclosed a significant zero-day vulnerability affecting iPhones and iPads, allowing cybercriminals to execute arbitrary code. CISA has mandated federal civilian agencies to patch this vulnerability by February 13.
  • Fortra’s GoAnywhere Software Flaw (CVE-2024-0204): Researchers warned about a critical vulnerability in Fortra’s file transfer software, enabling attackers to create admin accounts and gain extensive system access. Fortra advised customers to apply patches, rating the vulnerability as critical with a 9.8 CVSS severity score.
  • Atlassian and Apache Software Attacks: Atlassian’s Confluence Data Center and Servers are under threat due to a highly severe vulnerability (CVE-2023-22527), while Apache products are compromised by an older vulnerability (CVE-2023-46604) used for deploying malware, including ransomware and crypto-miners.
  • VMware vCenter Servers Exploited (CVE-2023-34048): Mandiant reported that an espionage group linked to the Chinese government has exploited a vulnerability in VMware vCenter Servers since 2021. CISA has added this bug to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch it by February 12.

Go Deeper -> Cybersecurity experts warn of new vulnerabilities affecting Apple, Atlassian and Fortra products – The Record

×
You have free article(s) left this month courtesy of CIO Partners.

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Would You Like To Save Articles?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Save My Spot For TNCR LIVE!

Thursday April 18th

9 AM Pacific / 11 PM Central / 12 PM Eastern

Register for Unlimited Access

Already a member?

Digital Monthly

$12.00/ month

Billed Monthly

Digital Annual

$10.00/ month

Billed Annually

Online conference of work team on the screen
When the game changes, you can learn to keep up and level up or get left out. Whether you’re operating from C-suite, an aspiring entrepreneur...

Would You Like To Save Books?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Log In To Access Premium Features

Sign Up For A Free Account

Please enable JavaScript in your browser to complete this form.
Name
Newsletters