
Microsoft and Apple Race to Patch Zero-Day Vulnerabilities as Cyber Attacks Escalate

Hackers are exploiting new methods to bypass security measures. Microsoft and Apple are responding with emergency patches, but users must stay vigilant.



Cybersecurity experts have raised alarms over recent developments in malicious software attacks. Microsoft and Apple have both patched critical vulnerabilities, while hackers are exploiting new methods to bypass security measures.

Microsoft has identified a worrying trend of hackers using open-source software, popular among video game cheaters, to sign malicious system drivers. This month alone, four of the vulnerabilities patched in Windows are already being exploited in active attacks, including two privilege escalation flaws. Meanwhile, Apple released and then pulled an emergency update for a zero-day vulnerability in WebKit, causing issues loading certain websites. This is the second month Apple has used its Rapid Security Response updates for time-sensitive vulnerabilities.

Exploitation of CVE-2023-36884 may lead to the installation of the RomCom trojan or other malware, linked to Russian intelligence operations. Microsoft has released updates to fix 130 security bugs, including five actively exploited flaws, in Windows and related software. The company has attributed the cyber-attack involving the RomCom trojan, spread through the zero-day vulnerability CVE-2023-36884 in Microsoft Office, to the APT (Advanced Persistent Threat) group Storm-0558. This group is known for targeted attacks related to spying and data theft, and has been linked to state-sponsored activities on behalf of China.

Microsoft is actively investigating a fifth zero-day vulnerability (CVE-2023-36884) and promises to update the advisory soon. Multiple Chinese-speaking threat groups have repurposed the open-source driver-signing tools for malicious purposes, giving their malware additional capabilities. Microsoft plans to address the threat of malware cryptographically signed by Microsoft, so that malicious driver files are prevented from running on Windows computers. July marks the sixth month this year that Apple has released updates for zero-day vulnerabilities in its devices.

The increasing sophistication of cyber attacks highlights the need for constant vigilance and prompt patching of vulnerabilities. Both Microsoft and Apple have demonstrated their commitment to addressing these threats, but users must also play their part in maintaining robust security practices.
